[Esapi-user] ESAPI questions

Kevin W. Wall kevin.w.wall at gmail.com
Mon Jan 4 20:58:56 EST 2010

Johan Lim wrote:
> Hi All,
> I am new to the ESAPI toolkit. I have now downloaded ESAPI 1.4 and below are
> questions that I hope you all can help me with.
> 1) Where can I find information on how to set up ESAPI 1.4
> 2) Are there any tutorials to get me started to use ESAPI 1.4
> 3) My understanding is that ESAPI is a toolkit that provides us with tools
> to prevent XSS and CSRF issues. I now have a Web Application that is
> vulnerable to XSS and CSRF, how can I add ESAPI to the Web Application? Does
> it involve a lot of changes to the WebApp itself?

Hi Johan. It's great that you are looking at ESAPI. I must agree with Jim
Manico's advice from the other day however that you really should be using
ESAPI 2.0. It's currently at RC4, with one more release candidate likely
before making it official.

'Swingset' is a demo application that acts somewhat as a tutorial.

I'll let Jim or someone else answer the rest of the questions as I
doubt that you want to read a 342 page email response from me. ;-)

Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
