[Esapi-user] [Esapi-dev] ESAPI WAF

Jeff Williams jeff.williams at aspectsecurity.com
Mon Nov 1 00:05:42 EDT 2010

My opinion is that every web application needs a way to quickly patch
vulnerabilities when they are discovered until they can get fixed right.
To me, this is a fundamental security control and something that falls
squarely into the ESAPI mission.


-----Original Message-----
From: esapi-dev-bounces at lists.owasp.org
[mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Monday, November 01, 2010 12:00 AM
To: ESAPI-Developers; ESAPI Users List; Arshan Dabirsiaghi
Subject: [Esapi-dev] ESAPI WAF

Is anyone using the ESAPI WAF? I'd love to hear about your experiences
with it.

I personally want to remove it from the code-base, but I do acknowledge
that it solves a crucial political itch for PCI-DSS that is important.

Luckily, Arshan has offered to clean up that code before the 2.0
release. :)


Esapi-dev mailing list
Esapi-dev at lists.owasp.org

More information about the Esapi-user mailing list