[Esapi-user] [Esapi-dev] JUG Presentation

Chris Schmidt chrisisbeef at gmail.com
Sun May 9 21:43:54 EDT 2010

I am indeed working on (actually 2 separate sets of) slides - one is 
centered around implementing ESAPI into enterprise legacy applications, 
and the other is more of an applied demonstration of using ESAPI and its 
components with a focus on applying them towards real-world security 
issues. The second of these I will be using on my presentation for 
FROC2010 and hopefully AppSecUSA 2010 (if I am selected). They are both 
very developer focused and for most of the presentations I will be using 
the Java implementation and pieces of the JavaScript implementation 
- however, in most cases as far as the way ESAPI is used in development 
there is very little difference between implementations.

As soon as my slides are done (the FROC2010 ones will be done this week) 
they will be posted on the OWASP site. The other one is also a part of 
some research that I am putting together for a book on the reality of 
implementing secure coding practices in an agile development 
environment. It will also be available as soon as it is done, but that 
one is probably a ways out.

Ken Sipe is also doing presentations on using the ESAPI for the Uber 
Development Conference and the No Fluff Just Stuff Software Symposium 
(arguably one of the best developer focused cons there is) so he would 
be another good resource.

I will do an e-mail introduction to Ken with you if you would like.


On 5/9/2010 6:08 PM, Kevin W. Wall wrote:
> Jarret Raim wrote:
>> All,
>> I'm currently working on a presentation about ESAPI for
>> the next JUG meeting here in San Antonio. I'm still in the beginning
>> stages, but I wanted to reach out to everyone and get some suggestions
>> of resources that I might use.
>> Obviously, I've been looking at the current OWASP site and I found
>> the Aspect presentation. One specific thing I was looking for is a
>> chart of what the status of the different language implementations
>> is? Has anyone created something like that already?
>> My current plan is something like this:
>>   * Intro - The first couple of slides will be an intro to the project.
>>     This would include the goals, who's using it, the vision and the
>>     different language implementations.
>>   * Architecture - The overall architecture and how it fits into JEE
>>   * Examples - Run through the major APIs with examples
>>   * Future Work
>>   * Conclusions
>> If anyone has any resources or topics they think are critical to
>> cover, let me know. I'd love to have some war stories to pass on
>> as well, the ones on the site are just one liners.
> Jarret,
> First of all, please keep us in the loop with how this goes and I would
> encourage you to "donate" your slide deck either on the ESAPI wiki or
> elsewhere. (I'm sure that Mike Boberski could find a spot for it.)
> There are others that have talked about doing this. You have already found
> Jeff's presentation. I think Chris Schmidt was working on one, but I don't
> know how far he's gotten. I have been asked to prepare a similar talk for
> our local chapter of IEEE CS and possibly for the Security MBA group (that's
> MBA as in "Masters of Beer Appreciation", http://thesecuritymba.org/ ;-)
> Originally they wanted that back in March/April time frame, but I told them
> I wanted to wait until ESAPI 2.0 was GA.
> Anyway, I think it would be great if we could share these slide decks in a
> common place so we could all benefit from them. I know that I shall be doing
> that with mine once I have it written.
> Finally, AFAIK, no one has produced a chart of the status of all the different
> language implementations. (Or at least I have not seen one if there is.) Your
> best bet would probably be to try to gather a status update for each of them by
> contacting the individual project leads.
> And if you are looking for "war stories", you might find better luck on the
> ESAPI-Users list for that. I am CC'ing them with this reply.
> -kevin
