[Esapi-user] Esapi-user Digest, Vol 20, Issue 12

Jeff Williams jeff.williams at aspectsecurity.com
Wed Jul 27 18:28:14 EDT 2011


Perhaps he is interested in canonicalization?  There are plenty of good reasons to have a SQLServer codec in ESAPI.

There were some discussions around this a while back, and maybe even an implementation.  Would you be interested in helping put this together? 

--Jeff



On Jul 27, 2011, at 5:22 PM, "Jim Manico" <jim.manico at owasp.org> wrote:

> Rama,
> 
> This is a deeply fragile way to stop XSS. Can you just use parameterized queries with data binding? We heavily recommend this as the best way to stop SQL injection.
> 
> - Jim Manico
> 
> On Jul 27, 2011, at 12:48 PM, Rama Krishna Pathangi <rpathangi at hotmail.com> wrote:
> 
>> Hello,
>>  
>> We are currently using ESAPI 2.0 GA.
>> In line with the following, I was wondering if we can have a codec for SQLServer in your future release.
>> ESAPI.encoder().encodeForSQL( new OracleCodec(), dirtyString );
>> ESAPI.encoder().encodeForSQL( new DB2Codec(), dirtyString );
>> 
>> --
>> Rama Krishna Rao Pathangi
>> [c] 1 503 962 9480
>> [f]  1 801 409 7951
>> 
>>  
>> > From: esapi-user-request at lists.owasp.org
>> > Subject: Esapi-user Digest, Vol 20, Issue 12
>> > To: esapi-user at lists.owasp.org
>> > Date: Wed, 27 Jul 2011 12:00:05 -0400
>> > 
>> > 
>> > Today's Topics:
>> > 
>> > 1. Re: [Esapi-dev] ESAPI 2.0.1 Released (Dave Wolf)
>> > 2. Fwd: .NET and Java WAF (Christian Heinrich)
>> > 3. Re: .NET and Java WAF (Jim Manico)
>> > 4. Re: [Esapi-dev] .NET and Java WAF (Kevin W. Wall)
>> > 5. Re: [GPC] Fwd: .NET and Java WAF (Jason Li)
>> > 6. using SafeRequest (Normando Macaraeg)
>> > 7. Re: using SafeRequest (Kevin W. Wall)
>> > 8. Re: [Esapi-dev] .NET and Java WAF (Christian Heinrich)
>> > 
>> > 
>> > ----------------------------------------------------------------------
>> > 
>> > Message: 1
>> > Date: Tue, 26 Jul 2011 17:14:12 +0000
>> > From: Dave Wolf <dave.wolf at gmail.com>
>> > Subject: Re: [Esapi-user] [Esapi-dev] ESAPI 2.0.1 Released
>> > To: ESAPI Dev List <esapi-dev at lists.owasp.org>,
>> > "Esapi-user at lists.owasp.org" <Esapi-user at lists.owasp.org>
>> > Message-ID:
>> > <CAF1Q6Q3EHDgAwCheTt6e9E3HmZd+smu3eVSkEj8dqpHV1nRpyA at mail.gmail.com>
>> > Content-Type: text/plain; charset="utf-8"
>> > 
>> > Hi,
>> > 
>> > FYI, I'm not finding 2.0.1 on Maven Central. The most current release that
>> > shows up is 2.0GA. I'm searching using:
>> > g:"org.owasp.esapi" AND a:"esapi" AND v:"2.0.1"
>> > 
>> > Any ideas what is going on?
>> > 
>> > Thanks,
>> > 
>> > Dave Wolf
>> > 
>> > Date: Mon, 25 Jul 2011 08:01:35 -0400
>> > From: "Kevin W. Wall" <kevin.w.wall at gmail.com>
>> > Subject: Re: [Esapi-dev] ESAPI 2.0.1 Released
>> > To: Chris Schmidt <chris.schmidt at owasp.org>
>> > Cc: ESAPI Devs <esapi-dev at lists.owasp.org>,
>> > "Esapi-user at lists.owasp.org" <Esapi-user at lists.owasp.org>
>> > Message-ID:
>> > <CAOPE6PhgP5NnFLxA2nBKKCG5P39N4vuTU0+U1U3SmbcC_eY2kA at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > On Mon, Jul 25, 2011 at 4:44 AM, Chris Schmidt <chris.schmidt at owasp.org>
>> > wrote:
>> > > Due to popular demand ESAPI 2.0.1 has been released with some minor (but
>> > > important) bug fixes. The changelist is below.
>> > > [snip]
>> > > Change log from 2.0.GA to 2.0.1
>> > >
>> > > 2011-07-25 00:01:38 chrisisbeef /trunk/pom.xml v 1858
>> > >
>> > > Removed version from project name... Fixes Issue #235
>> > > 2011-07-24 23:56:06 chrisisbeef
>> > > /trunk/configuration/esapi/ESAPI.properties v 1857
>> > > /trunk/src/test/java/org/owasp/esapi/reference/ValidatorTest.java v 1857
>> > >
>> > > Resolves issue #46 - allow context path to have leading slash or be empty
>> > > 2011-07-23 14:36:17 chrisisbeef
>> > > /trunk/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java v 1856
>> > >
>> > > Get rid of really irritating stacktrace every time esapi loads.
>> > >
>> > > fixes issue #220
>> > > 2011-07-23 14:25:45 chrisisbeef
>> > > /trunk/src/main/java/org/owasp/esapi/reference/DefaultValidator.java v 1855
>> > >
>> > > Resolve issue 232 Validation Type Error
>> > > 2011-07-23 14:17:34 chrisisbeef
>> > > /trunk/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java v 1854
>> > >
>> > > Fix issue 231 inverted logic error with canonicalization.
>> > 
>> > Chris,
>> > 
>> > Well, let me be amongst the first to publicly congratulate you for pushing
>> > out these fixes, and especially issue #46, which I pretty much dropped the
>> > ball on.
>> > 
>> > Thanks for your hard work. The whole ESAPI community owes you a beer!
>> > Great job.
>> > 
>> > -kevin
>> > --
>> > Blog: http://off-the-wall-security.blogspot.com/
>> > "The most likely way for the world to be destroyed, most experts agree,
>> > is by accident. That's where we come in; we're computer professionals.
>> > We *cause* accidents." -- Nathaniel Borenstein
>> > 
>> > Dave Wolf
>> > 
>> > "There is no passion to be found playing small - in settling for a life that
>> > is less than the one you are capable of living." --Nelson Mandela
>> > 
>> > ------------------------------
>> > 
>> > Message: 2
>> > Date: Wed, 27 Jul 2011 10:23:39 +1000
>> > From: Christian Heinrich <christian.heinrich at owasp.org>
>> > Subject: [Esapi-user] Fwd: .NET and Java WAF
>> > To: Global Projects Committee
>> > <global-projects-committee at lists.owasp.org>
>> > Cc: ESAPI-Developers <esapi-dev at lists.owasp.org>,	ESAPI-Users
>> > <Esapi-user at lists.owasp.org>
>> > Message-ID:
>> > <CAFCvB5JThsd3g2AKP9kthkHKcywgj7dbK4r9JaMtqtVd3WEmZA at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > GPC,
>> > 
>> > Please consider this notice that "we" intend to escalate for
>> > recognition as an OWASP Project by the GPC shortly after BlackHat and
>> > DefCon.
>> > 
>> > Hence I have CC'd the ESAPI Mailing List for discussion in the interim until
>> > the @owasp.org Mailing Lists are created.
>> > 
>> > Juan, Ryan, Jason and Jason have been BCC'd.
>> > 
>> > ---------- Forwarded message ----------
>> > From: Christian Heinrich <christian.heinrich at owasp.org>
>> > Date: Tue, Jul 26, 2011 at 8:33 AM
>> > Subject: Re: [Esapi-user] WAF 2.0? alpha on repository
>> > To: "Calderon, Juan Carlos (GE, Corporate, consultant)" <juan.calderon at ge.com>
>> > Cc: Jim Manico <jim.manico at owasp.org>, Ryan Barnett <ryan.barnett at owasp.org>
>> > 
>> > 
>> > Juan,
>> > 
>> > On Tue, Jul 26, 2011 at 6:02 AM, Calderon, Juan Carlos (GE, Corporate,
>> > consultant) <juan.calderon at ge.com> wrote:
>> > > What do you mean closing this off? Having it ready or defining is an
>> > > OWASP project?
>> > 
>> > I was referring to having it listed as an OWASP Project, such as an
>> > associated mailing list, etc.
>> > 
>> > On Tue, Jul 26, 2011 at 6:02 AM, Calderon, Juan Carlos (GE, Corporate,
>> > consultant) <juan.calderon at ge.com> wrote:
>> > > Just as a small update, Aldo Salas a certified Java developer is helping
>> > > me out to finish this project, we have a progress meeting this Thursday,
>> > > also I sent a paper proposal to OWASP LATAM to present a course on
>> > > Mod_security for Java this October (that is it should be well tested and
>> > > finished by then) :)
>> > 
>> > I can note this milestone in the Project Plan - I will list it for
>> > November to account for the unlikely event that the deadline slips or
>> > to demonstrate that we ship it earlier than expected :)
>> > 
>> > 
>> > -- 
>> > Regards,
>> > Christian Heinrich
>> > http://www.owasp.org/index.php/user:cmlh
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 3
>> > Date: Tue, 26 Jul 2011 19:25:14 -0500
>> > From: Jim Manico <jim.manico at owasp.org>
>> > Subject: Re: [Esapi-user] .NET and Java WAF
>> > To: Christian Heinrich <christian.heinrich at owasp.org>
>> > Cc: ESAPI-Developers <esapi-dev at lists.owasp.org>,	ESAPI-Users
>> > <Esapi-user at lists.owasp.org>,	Global Projects Committee
>> > <global-projects-committee at lists.owasp.org>
>> > Message-ID: <-2981349937657456396 at unknownmsgid>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > I totally support splitting the ESAPI WAF into a brand new project. Go
>> > for it - and great work!
>> > 
>> > - Jim Manico
>> > 
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 4
>> > Date: Tue, 26 Jul 2011 21:39:10 -0400
>> > From: "Kevin W. Wall" <kevin.w.wall at gmail.com>
>> > Subject: Re: [Esapi-user] [Esapi-dev] .NET and Java WAF
>> > To: Jim Manico <jim.manico at owasp.org>
>> > Cc: ESAPI-Developers <esapi-dev at lists.owasp.org>,	ESAPI-Users
>> > <Esapi-user at lists.owasp.org>,	Global Projects Committee
>> > <global-projects-committee at lists.owasp.org>
>> > Message-ID:
>> > <CAOPE6Ph85Po+9Qs6d96GzYg4=5j5sYXQOU7JFEpJgF+o8iX_dg at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > On Tue, Jul 26, 2011 at 8:25 PM, Jim Manico <jim.manico at owasp.org> wrote:
>> > > I totally support splitting the ESAPI WAF into a brand new project. Go
>> > > for it - and great work!
>> > 
>> > Christian,
>> > 
>> > I concur. However, please do keep us in the loop, especially if you make
>> > any changes that would affect how it is used in ESAPI. I think that we would
>> > like to keep it as an option there and also be able to drop in your latest
>> > version.
>> > 
>> > Thanks,
>> > -kevin
>> > -- 
>> > Blog: http://off-the-wall-security.blogspot.com/
>> > "The most likely way for the world to be destroyed, most experts agree,
>> > is by accident. That's where we come in; we're computer professionals.
>> > We *cause* accidents." -- Nathaniel Borenstein
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 5
>> > Date: Tue, 26 Jul 2011 21:51:42 -0400
>> > From: Jason Li <jason.li at owasp.org>
>> > Subject: Re: [Esapi-user] [GPC] Fwd: .NET and Java WAF
>> > To: Christian Heinrich <christian.heinrich at owasp.org>
>> > Cc: ESAPI-Developers <esapi-dev at lists.owasp.org>,	ESAPI-Users
>> > <Esapi-user at lists.owasp.org>,	Global Projects Committee
>> > <global-projects-committee at lists.owasp.org>
>> > Message-ID:
>> > <CAPfGuxawWMudERxnbN+-LfKZQ1tMfhUVs69fs9ntWkjHOiNPjg at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > Christian,
>> > 
>> > There's no need to "escalate" for recognition.
>> > 
>> > Any idea can always be submitted to the GPC and they will be processed
>> > by Paulo Coimbra like all other requests.
>> > 
>> > I would encourage the group to read the wiki article on starting an
>> > OWASP project (https://www.owasp.org/index.php/How_to_Start_an_OWASP_Project)
>> > and ensure that the group submits the necessary information.
>> > 
>> > -Jason
>> > 
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 6
>> > Date: Tue, 26 Jul 2011 19:48:57 -0700 (PDT)
>> > From: "Normando Macaraeg" <nmacaraeg at jaspersoft.com>
>> > Subject: [Esapi-user] using SafeRequest
>> > To: <esapi-user at lists.owasp.org>
>> > Message-ID: <[email protected]>
>> > Content-Type: text/plain;	charset="us-ascii"
>> > 
>> > Hi,
>> > 
>> > Using the ESAPI Book as my guide, it looks like when I find code that
>> > looks like: 
>> > 
>> > HttpSession session = request.getSession(); // unsafe session
>> > 
>> > I should change the code to this:
>> > 
>> > HttpSession session = new SafeRequest( request ).getSession(); // safe session
>> > 
>> > But the book says this works only if I enable the ESAPIFilter. How do I
>> > enable the ESAPIFilter?
>> > 
>> > -Norm
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 7
>> > Date: Tue, 26 Jul 2011 23:32:01 -0400
>> > From: "Kevin W. Wall" <kevin.w.wall at gmail.com>
>> > Subject: Re: [Esapi-user] using SafeRequest
>> > To: Normando Macaraeg <nmacaraeg at jaspersoft.com>
>> > Cc: esapi-user at lists.owasp.org
>> > Message-ID:
>> > <CAOPE6Pj3joRXWCo8bJY+BJPDy9Z_om-AZDkokumJEiSFganNPQ at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > On Tue, Jul 26, 2011 at 10:48 PM, Normando Macaraeg
>> > <nmacaraeg at jaspersoft.com> wrote:
>> > > Hi,
>> > >
>> > > Using the ESAPI Book as my guide, it looks like when I find code that
>> > > looks like:
>> > >
>> > > HttpSession session = request.getSession(); // unsafe session
>> > >
>> > > I should change the code to this:
>> > >
>> > > HttpSession session = new SafeRequest( request ).getSession(); // safe session
>> > >
>> > > But the book says this works only if I enable the ESAPIFilter. How do I
>> > > enable the ESAPIFilter?
>> > 
>> > You configure it just like any other Java Servlet filter.
>> > In your WEB-INF/web.xml file, you would do something like
>> > this:
>> > 
>> > <web-app id="myWebApp">
>> >   ...
>> >   <filter>
>> >     <filter-name>ESAPI-Filter</filter-name>
>> >     <filter-class>org.owasp.esapi.filters.ESAPIFilter</filter-class>
>> >     <!-- Note: Not sure it has any parameters. Check the
>> >          source code or ask Jeff Williams. I don't have time
>> >          right now. However, this is how you specify
>> >          parameters. You can have more than one init-param
>> >          section. -->
>> >     <init-param>
>> >       <param-name>greetings</param-name>
>> >       <param-value>Hello, World</param-value>
>> >     </init-param>
>> >   </filter>
>> >
>> >   <filter-mapping>
>> >     <filter-name>ESAPI-Filter</filter-name>
>> >     <url-pattern>/images/*</url-pattern>
>> >   </filter-mapping>
>> >   ...
>> > </web-app>
>> > 
>> > The exact syntax may be slightly different depending on what
>> > Servlet Spec your JavaEE / servlet container adheres to. Shown
>> > above is for Servlet Spec 2.4.
>> > 
>> > -kevin
>> > --
>> > Blog: http://off-the-wall-security.blogspot.com/
>> > "The most likely way for the world to be destroyed, most experts agree,
>> > is by accident. That's where we come in; we're computer professionals.
>> > We *cause* accidents." -- Nathaniel Borenstein
>> > 
>> > 
>> > ------------------------------
>> > 
>> > Message: 8
>> > Date: Wed, 27 Jul 2011 16:54:00 +1000
>> > From: Christian Heinrich <christian.heinrich at owasp.org>
>> > Subject: Re: [Esapi-user] [Esapi-dev] .NET and Java WAF
>> > To: "Kevin W. Wall" <kevin.w.wall at gmail.com>
>> > Cc: ESAPI-Developers <esapi-dev at lists.owasp.org>,	ESAPI-Users
>> > <Esapi-user at lists.owasp.org>
>> > Message-ID:
>> > <CAFCvB5Lq+GHVgySp+Z0do4x0w4RdN1YF1wy5Bbk4PrXLeQcK6A at mail.gmail.com>
>> > Content-Type: text/plain; charset=ISO-8859-1
>> > 
>> > Kevin,
>> > 
>> > I have dropped the GPC for the moment from this discussion.
>> > 
>> > On Wed, Jul 27, 2011 at 11:39 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>> > > I concur. However, please do keep us in the loop, especially if you make
>> > > any changes that would affect how it is used in ESAPI. I think that we would
>> > > like to keep it as an option there and also be able to drop in your latest
>> > > version.
>> > 
>> > I can create a dependency in the Project Plan for this and a SVN tag
>> > for the attention of ESAPI Java.
>> > 
>> > For your reference, Juan's import from ESAPI Java was
>> > http://code.google.com/p/owasp-java-waf/source/detail?r=2
>> > 
>> > 
>> > -- 
>> > Regards,
>> > Christian Heinrich
>> > http://www.owasp.org/index.php/user:cmlh
>> > 
>> > 
>> > ------------------------------
>> > 
>> > _______________________________________________
>> > Esapi-user mailing list
>> > Esapi-user at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/esapi-user
>> > 
>> > 
>> > End of Esapi-user Digest, Vol 20, Issue 12
>> > ******************************************
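Jim Manico's recommendation of parameterized queries with data binding, shown as an added example that is not from the thread or from ESAPI. The `customers` table, its columns and the sort keys are hypothetical, and a JDBC driver for the target database is assumed on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Added example: bound parameters in place of encodeForSQL-style escaping.
// The customers table, its columns and the sort keys are hypothetical.
public class BoundQueryExample {

    // Identifiers cannot be bound with '?', so the sort column is picked from
    // a fixed allow-list; request input never reaches the SQL text.
    private static final Map<String, String> SORT_COLUMNS = Map.of(
            "name", "last_name",
            "created", "created_at");

    static String sortColumn(String requestedKey) {
        String column = requestedKey == null ? null : SORT_COLUMNS.get(requestedKey);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort key");
        }
        return column;
    }

    // Before: the value, encoded or not, is spliced into the statement, so the
    // query is only as safe as the codec and the context it was written for.
    static String concatenatedSql(String value) {
        return "SELECT id, last_name FROM customers WHERE last_name = '"
                + value + "'";
    }

    // After: the SQL text is fixed and the value travels separately as data.
    static List<String> findByLastName(Connection conn, String lastName, String sortKey)
            throws SQLException {
        String sql = "SELECT id, last_name FROM customers WHERE last_name = ? ORDER BY "
                + sortColumn(sortKey);
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lastName); // bound by the driver, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getInt("id") + ":" + rs.getString("last_name"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a database holding the hypothetical table.
        // args[1]: search value; a constructed sample is used when absent.
        String dirtyString = args.length > 1 ? args[1] : "O'Brien";
        System.out.println("before: " + concatenatedSql(dirtyString));
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                findByLastName(conn, dirtyString, "name").forEach(System.out::println);
            }
        }
    }
}
```

The only part of the statement that still varies is the `ORDER BY` column, and it comes from the fixed map rather than from request input.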

