[Esapi-user] ESAPI 1.4.2

Mike Boberski mike.boberski at gmail.com
Thu Jan 14 20:36:53 EST 2010


I would like to see in general (i.e. not specific to this version or
language) much more verbose "DEBUG" logging, particularly when it comes to
validating and encoding/escaping, so that one could for instance instruct a
development team who's using an adapter that I've built for them to turn it
to debug, re-run their tests, and send me the console output, where the
audit records are detailed enough to troubleshoot the security control in
question. For example, to output human-readable formatted bytes being
input/output. PKI toolkits, the better put-together ones, have something
similar, since debugging e.g. signatures can be equally painstaking.

This is something actually that the ESAPI for PHP team is working on as an
enhancement, to toot our own horns, as the first ESAPI team to publish an
ESAPI adapter according to the extended factory design pattern as defined in
the ESAPI design patterns doc.

For whatever it's worth!

Best,

Mike


On Thu, Jan 14, 2010 at 7:23 PM, Jim Manico <jim.manico at owasp.org> wrote:

> I'm getting ready to do an "ESAPI 1.4.x" sprint over the weekend in order
> to increase the quality of this branch.
>
> I've heard a mix of great success stories with 1.4, as well as some very
> frustrating challenges that are not easy to overcome.
>
> My tactical goals are:
>
> 1) Allow for programmatic disabling of the intrusion detector
> 2) Do another pass at the log4j logger and back-port some of the 2.0
> logging code to this branch. It needs it badly.
> 3) Stop releasing 1.4.x as a jar! argh! The 1.4.2 release needs to be a
> zip like the 2.0 branch where the property files are separated from the
> jar.
> 4) Double-check on
> http://code.google.com/p/owasp-esapi-java/issues/detail?id=21 and close
> it out.
>
> I start this sprint in less than 24 hours and will have it deployed for
> the community before Monday.
>
> Any other thoughts?
>
> - Jim
>
>
>
> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
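
The kind of DEBUG trace asked for at the top of this message, as an added example that is not part of the original post and not ESAPI code. It is written in Python because the request is not language-specific; the logger name, `hexdump`, `traced` and the use of `html.escape` as a stand-in for an adapter's HTML encoder are all assumptions.

```python
import html
import logging

log = logging.getLogger("adapter.encoder")  # hypothetical logger name

def hexdump(data: bytes, width: int = 16) -> str:
    """Format bytes as offset, hex and printable-ASCII columns."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3 - 1}}  |{text}|")
    return "\n".join(rows)

def traced(name, codec):
    """Wrap an encoder or validator so DEBUG shows the exact bytes in and out."""
    def wrapper(value: str) -> str:
        result = codec(value)
        # Dumps contain the raw input, so build them only when DEBUG is on
        # (a development or test setting, not a production one).
        if log.isEnabledFor(logging.DEBUG):
            log.debug("%s input (%d chars):\n%s", name, len(value),
                      hexdump(value.encode("utf-8", "surrogatepass")))
            log.debug("%s output (%d chars):\n%s", name, len(result),
                      hexdump(result.encode("utf-8", "surrogatepass")))
        return result
    return wrapper

# Stand-in for the adapter's HTML encoder (assumption: html.escape, not ESAPI).
encode_for_html = traced("encodeForHTML", html.escape)

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s %(message)s")
    # Constructed input: a NUL and a no-break space that a console would not show.
    encode_for_html("a\x00b\u00a0<script>")
```

In the dump, the NUL appears as `00` and the no-break space as `c2 a0`, both of which would be invisible or ambiguous in a plain string log line.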