[Esapi-user] ESAPI quesitons

Jim Manico jim.manico at owasp.org
Tue Jan 5 12:04:08 EST 2010


I agree with this advice. Let me know if you have any other ESAPI questions.

- Jim

> Johan Lim wrote:
>    
>> Hi All,
>>
>> I am new to the ESAPI toolkit. I have now downloaded ESAPI 1.4 and below are
>> questions that I hope you all can help me with.
>> 1) Where can I find information on how to set up ESAPI 1.4
>> 2) Are there any tutorials to get me started to use ESAPI 1.4
>> 3) My understanding is that ESAPI is a toolkit that provides us with tools
>> to prevent XSS and CSRF issues. I now have a Web Application that is
>> vunerable to XSS and CSRF, how can I add ESAPI to the Web Application? Does
>> it involve a lot of changes to the WebApp itself?
>>      
> Hi Johan. It's great that you are looking at ESAPI. I must agree with Jim
> Manico's advice from the other day however that you really should be using
> ESAPI 2.0. It's currently at RC4, with one more release candidate likely
> before making it it official.
>
> 'Swingset' is a demo application that acts somewhat as a tutorial.
>
> I'll let Jim or someone else answer the rest of the questions as I
> doubt that you want to read a 342 page email response from me. ;-)
>
> -kevin
>    



More information about the Esapi-user mailing list