[Esapi-user] [Esapi-dev] Why ESAPI crypto uses a custom serialization scheme

Jim Manico jim.manico at owasp.org
Sat May 1 18:23:41 EDT 2010


I call crypto-bs here. Compromise of a client always always leads to
data loss for that user. As soon as a keylogger, malicious browser
plugin or other client compromise is in effect - it's game over for
that user - and potentially all other users that the victim has
administrative access over.

What am I missing here Kevin?

Jim Manico

On May 1, 2010, at 10:22 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com>  
wrote:

>

