[Esapi-user] org.owasp.esapi.filters.SecurityWrapperRequest and WrapperResponse

Lukas, Ray Ray.Lukas at supermedia.com
Mon May 23 11:32:48 EDT 2011


Cool man.. thanks.. that is what I thought.. Now onto trying out this SwingSet.. thanks boss..

Ray
________________________________
From: Jim Manico [mailto:jim.manico at owasp.org]
Sent: Monday, May 23, 2011 11:30 AM
To: Lukas, Ray
Cc: esapi-user at lists.owasp.org; Lukas, Ray
Subject: Re: [Esapi-user] org.owasp.esapi.filters.SecurityWrapperRequest and WrapperResponse

SecurityWrapperRequest is indeed the new SafeRequest :)

Jim Manico

On May 23, 2011, at 4:21 PM, "Lukas, Ray" <Ray.Lukas at supermedia.com<mailto:Ray.Lukas at supermedia.com>> wrote:

Simple Yes No question I hope..

I am new to ESAPI and working to understand what I think will be a HUGE help to us.
I am reading (what I am sure is a old document) www.owasp.org/images/7/79/ESAPI_Book.pdf<http://www.owasp.org/images/7/79/ESAPI_Book.pdf>

On Page 51 it identifies several threats dealing with Session objects and some ways to deal with them.
SafeRequest no longer seems to exist..
So I should use
org.owasp.esapi.filters.SecurityWrapperRequest
and
org.owasp.esapi.filters.SecurityWrapperResponse
and I should use these in my servlet input parameters to take care of these threats? Or do I need to do more?

Thanks Guys:
ray
_______________________________________________
Esapi-user mailing list
Esapi-user at lists.owasp.org<mailto:Esapi-user at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/esapi-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/esapi-user/attachments/20110523/f3e9cf42/attachment.html 


More information about the Esapi-user mailing list