[Esapi-user] ESAPI Question from the community

Samantha Groves samantha.groves at owasp.org
Thu Nov 29 13:39:55 UTC 2012

Dear ESAPI List Members,

I was wondering if you could provide some assistance to Mr. Rohit Sharma,
cced into this message. I received a query from him today regarding an
ESAPI download. He got the download from here:
http://code.google.com/p/owasp-esapi-java/downloads/list . Please do have a
look and let me know if you are able to help.

Please see his message below:

I am using OWASP in a project to generate random password and also to
verify if password strength is strong enough. For both of these feature I
found incorrect documentation and incomplete implementation. I downloaded
2.0.1 version for Java. Here is couple of problems: 1- Verify password
method doesn't check if new password's length has minimum of 8 characters.
Doesn't even have configuration to support this feature, so I have to
program it further to make it happen.
2- Generate password method doesn't ensure that generated password has at
least one lower, upper, digit, and special character, so I have to improve
this feature as well. Please guide me if OWASP is aware of these missing
things or I am missing someting or got the incorrect version
(esapi-2.0.1-dist.zip ).

Thank you very much in advance for your assistance.


*Samantha Groves, MBA*****

*OWASP Project Manager*


The OWASP Foundation

London, United Kingdom

Email: samantha.groves at owasp.org

Skype: samanthahz

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20121129/68a4125f/attachment.html>

More information about the Esapi-user mailing list