[Esapi-user] How can I collaborate in ESAPI.Net

vanderaj vanderaj vanderaj at owasp.org
Mon Jun 24 11:02:41 UTC 2013


I think a meeting should be organized to discuss if it's worthwhile. I
think we should throw away years of work by many people just because some
of it is not to certain tastes.

I'm pretty busy looking after the OWASP Developer Guide, I've got a new
draft of the ASVS in the works, and I'm mentoring a GSoC PHP Security
student, so ... I think I'd rather help by discussing and stepping back and
letting those with energy take over, which is how a good meritocracy should
be run.

thanks
Andrew


On Mon, Jun 24, 2013 at 7:52 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Apologies Andrew..guess got confused with the language ;-)
>
> so, are you suggesting to reactivate ESAPI and make integration easier or
> allocate developers to work on third party frameworks?
>
> Fabio
>
> Sent from my iPhone
>
> On 24 Jun 2013, at 10:37, vanderaj vanderaj <vanderaj at owasp.org> wrote:
>
> I can give a hand in the ESAPI for PHP port, but I'm not in charge of the
> .NET port by any stretch of the imagination. All the ESAPI leaders should
> sit down and workout a game plan, as I believe that ESAPI 2.x went too far
> into J2EE idiom, which makes it a hard target for other languages, such as
> JavaScript, Objective C, PHP and .NET.
>
> It'd be really good if we could also deliberately work on changing the
> world, by working to adopt a major framework, like Zend or Spring or Drupal
> or Grails or ..., so as to include ESAPI's capabilities as their native
> security solution.
>
> Driving real world adoption will work out the theory kinks. For example,
> I've tried helping my customers to adopt ESAPI 2.x on a large old Java
> project, and it's not as easy as including a JAR file and then starting to
> use it as you need it, you need to start adopting the whole thing, which is
> simply infeasible in older software. I don't think that is a realistic plan
> for most software. So let' s get in there and help some real world
> frameworks get way better, and make it known that ESAPI is open for
> adoption in any other framework.
>
> thanks
> Andrew
>
>
> On Mon, Jun 24, 2013 at 7:23 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>
>> Chris
>>
>> is Andrew still in charge of this project?
>>
>> I've been approached by a few .Net developers who are interested to
>> reactivate ESAPI .Net.
>>
>> Thanks
>> Fabio
>>
>> Sent from my iPhone
>>
>> On 23 Jun 2013, at 00:58, Chris Schmidt <chrisisbeef at gmail.com> wrote:
>>
>> Michael - thanks for your interest and enthusiasm. The general concensus
>> for the last year or two has been that the need for ESAPI.Net has
>> dwindled as a result of the controls that are part of modern .Net. I would
>> be interested to hear any compelling arguments you have against this
>> however, as I do believe that ESAPI can co-exist with these existing
>> controls, there just hasn't been anyone to own this idea and prove it out.
>>
>> Thanks!
>>
>> Chris Schmidt
>>
>>
>> On Thu, Jun 20, 2013 at 8:07 PM, Michael Hidalgo <
>> michael.hidalgo at owasp.org> wrote:
>>
>>> Hi Folks, greetings from  the beautiful Costa Rica!
>>>
>>> First at all, sorry if this is a recurrent question but I just
>>> subscribed into the mailing list. I wonder what is the current status of
>>> ESAPI.NET project?
>>>
>>> I was looking at the following thread at StackOverflow
>>> http://stackoverflow.com/questions/4318410/is-esapi-net-a-dead-project ,
>>> and even when the post is old (2011) I was so sad reading it.
>>>
>>> Therefore if was wondering how can I collaborate? I'm a Software
>>> Developer in my bones :)  so I do have some ideas and I would like to see
>>> what you guys think about it
>>>
>>> 1.Document it, document it and document it. This is a key step. If we
>>> start writting about it in our blogs and in  a official site we can show
>>> the value added of ESAPI.
>>> 2.Create a repository at GitHub
>>> 3.Create a NuGet Package and make it available.
>>> 4.Extend it to make sure we are covering new technologies like MVC (well
>>> it is not new  but let's say that the industry is adopting it) and Web API.
>>>
>>> What do you think about it? I'm very interested in collaborate.
>>>
>>> Thank you.
>>>
>>>
>>>
>>>
>>> --
>>>
>>>  *Michael Hidalgo.
>>> OWASP Chapter Leader & Researcher*
>>>
>>> *Blog: http://michaelhidalgocr.blogspot.com*
>>>
>>>
>>>
>>> _______________________________________________
>>> Esapi-user mailing list
>>> Esapi-user at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>>
>>>
>>
>>
>> --
>> Chris Schmidt
>>
>> OWASP ESAPI Developer
>> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>>
>> Check out OWASP ESAPI for Java
>> http://code.google.com/p/owasp-esapi-java/
>>
>> OWASP ESAPI for JavaScript
>> http://code.google.com/p/owasp-esapi-js/
>>
>> Yet Another Developers Blog
>> http://yet-another-dev.blogspot.com
>>
>> Bio and Resume
>> http://www.digital-ritual.net/resume.html
>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130624/9370b268/attachment.html>


More information about the Esapi-user mailing list