[Esapi-user] How can I collaborate in ESAPI.Net

vanderaj vanderaj vanderaj at owasp.org
Mon Jun 24 09:37:29 UTC 2013


I can give a hand in the ESAPI for PHP port, but I'm not in charge of the
.NET port by any stretch of the imagination. All the ESAPI leaders should
sit down and workout a game plan, as I believe that ESAPI 2.x went too far
into J2EE idiom, which makes it a hard target for other languages, such as
JavaScript, Objective C, PHP and .NET.

It'd be really good if we could also deliberately work on changing the
world, by working to adopt a major framework, like Zend or Spring or Drupal
or Grails or ..., so as to include ESAPI's capabilities as their native
security solution.

Driving real world adoption will work out the theory kinks. For example,
I've tried helping my customers to adopt ESAPI 2.x on a large old Java
project, and it's not as easy as including a JAR file and then starting to
use it as you need it, you need to start adopting the whole thing, which is
simply infeasible in older software. I don't think that is a realistic plan
for most software. So let' s get in there and help some real world
frameworks get way better, and make it known that ESAPI is open for
adoption in any other framework.

thanks
Andrew


On Mon, Jun 24, 2013 at 7:23 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Chris
>
> is Andrew still in charge of this project?
>
> I've been approached by a few .Net developers who are interested to
> reactivate ESAPI .Net.
>
> Thanks
> Fabio
>
> Sent from my iPhone
>
> On 23 Jun 2013, at 00:58, Chris Schmidt <chrisisbeef at gmail.com> wrote:
>
> Michael - thanks for your interest and enthusiasm. The general concensus
> for the last year or two has been that the need for ESAPI.Net has
> dwindled as a result of the controls that are part of modern .Net. I would
> be interested to hear any compelling arguments you have against this
> however, as I do believe that ESAPI can co-exist with these existing
> controls, there just hasn't been anyone to own this idea and prove it out.
>
> Thanks!
>
> Chris Schmidt
>
>
> On Thu, Jun 20, 2013 at 8:07 PM, Michael Hidalgo <
> michael.hidalgo at owasp.org> wrote:
>
>> Hi Folks, greetings from  the beautiful Costa Rica!
>>
>> First at all, sorry if this is a recurrent question but I just subscribed
>> into the mailing list. I wonder what is the current status of ESAPI.NETproject?
>>
>> I was looking at the following thread at StackOverflow
>> http://stackoverflow.com/questions/4318410/is-esapi-net-a-dead-project ,
>> and even when the post is old (2011) I was so sad reading it.
>>
>> Therefore if was wondering how can I collaborate? I'm a Software
>> Developer in my bones :)  so I do have some ideas and I would like to see
>> what you guys think about it
>>
>> 1.Document it, document it and document it. This is a key step. If we
>> start writting about it in our blogs and in  a official site we can show
>> the value added of ESAPI.
>> 2.Create a repository at GitHub
>> 3.Create a NuGet Package and make it available.
>> 4.Extend it to make sure we are covering new technologies like MVC (well
>> it is not new  but let's say that the industry is adopting it) and Web API.
>>
>> What do you think about it? I'm very interested in collaborate.
>>
>> Thank you.
>>
>>
>>
>>
>> --
>>
>>  *Michael Hidalgo.
>> OWASP Chapter Leader & Researcher*
>>
>> *Blog: http://michaelhidalgocr.blogspot.com*
>>
>>
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>>
>
>
> --
> Chris Schmidt
>
> OWASP ESAPI Developer
> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>
> Check out OWASP ESAPI for Java
> http://code.google.com/p/owasp-esapi-java/
>
> OWASP ESAPI for JavaScript
> http://code.google.com/p/owasp-esapi-js/
>
> Yet Another Developers Blog
> http://yet-another-dev.blogspot.com
>
> Bio and Resume
> http://www.digital-ritual.net/resume.html
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130624/f1b19c30/attachment.html>


More information about the Esapi-user mailing list