[Esapi-user] How can I collaborate in ESAPI.Net

vanderaj vanderaj vanderaj at owasp.org
Mon Jun 24 11:03:28 UTC 2013


Ooh, freudian slip!

s/"I think we should throw away"/"I don't think we should throw away"/g

My bad!

thanks
Andrew


On Mon, Jun 24, 2013 at 9:02 PM, vanderaj vanderaj <vanderaj at owasp.org>wrote:

> I think a meeting should be organized to discuss if it's worthwhile. I
> think we should throw away years of work by many people just because some
> of it is not to certain tastes.
>
> I'm pretty busy looking after the OWASP Developer Guide, I've got a new
> draft of the ASVS in the works, and I'm mentoring a GSoC PHP Security
> student, so ... I think I'd rather help by discussing and stepping back and
> letting those with energy take over, which is how a good meritocracy should
> be run.
>
> thanks
> Andrew
>
>
> On Mon, Jun 24, 2013 at 7:52 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>
>> Apologies Andrew..guess got confused with the language ;-)
>>
>> so, are you suggesting to reactivate ESAPI and make integration easier or
>> allocate developers to work on third party frameworks?
>>
>> Fabio
>>
>> Sent from my iPhone
>>
>> On 24 Jun 2013, at 10:37, vanderaj vanderaj <vanderaj at owasp.org> wrote:
>>
>> I can give a hand in the ESAPI for PHP port, but I'm not in charge of the
>> .NET port by any stretch of the imagination. All the ESAPI leaders should
>> sit down and workout a game plan, as I believe that ESAPI 2.x went too far
>> into J2EE idiom, which makes it a hard target for other languages, such as
>> JavaScript, Objective C, PHP and .NET.
>>
>> It'd be really good if we could also deliberately work on changing the
>> world, by working to adopt a major framework, like Zend or Spring or Drupal
>> or Grails or ..., so as to include ESAPI's capabilities as their native
>> security solution.
>>
>> Driving real world adoption will work out the theory kinks. For example,
>> I've tried helping my customers to adopt ESAPI 2.x on a large old Java
>> project, and it's not as easy as including a JAR file and then starting to
>> use it as you need it, you need to start adopting the whole thing, which is
>> simply infeasible in older software. I don't think that is a realistic plan
>> for most software. So let' s get in there and help some real world
>> frameworks get way better, and make it known that ESAPI is open for
>> adoption in any other framework.
>>
>> thanks
>> Andrew
>>
>>
>> On Mon, Jun 24, 2013 at 7:23 PM, Fabio Cerullo <fcerullo at owasp.org>wrote:
>>
>>> Chris
>>>
>>> is Andrew still in charge of this project?
>>>
>>> I've been approached by a few .Net developers who are interested to
>>> reactivate ESAPI .Net.
>>>
>>> Thanks
>>> Fabio
>>>
>>> Sent from my iPhone
>>>
>>> On 23 Jun 2013, at 00:58, Chris Schmidt <chrisisbeef at gmail.com> wrote:
>>>
>>> Michael - thanks for your interest and enthusiasm. The general concensus
>>> for the last year or two has been that the need for ESAPI.Net has
>>> dwindled as a result of the controls that are part of modern .Net. I would
>>> be interested to hear any compelling arguments you have against this
>>> however, as I do believe that ESAPI can co-exist with these existing
>>> controls, there just hasn't been anyone to own this idea and prove it out.
>>>
>>> Thanks!
>>>
>>> Chris Schmidt
>>>
>>>
>>> On Thu, Jun 20, 2013 at 8:07 PM, Michael Hidalgo <
>>> michael.hidalgo at owasp.org> wrote:
>>>
>>>> Hi Folks, greetings from  the beautiful Costa Rica!
>>>>
>>>> First at all, sorry if this is a recurrent question but I just
>>>> subscribed into the mailing list. I wonder what is the current status of
>>>> ESAPI.NET project?
>>>>
>>>> I was looking at the following thread at StackOverflow
>>>> http://stackoverflow.com/questions/4318410/is-esapi-net-a-dead-project ,
>>>> and even when the post is old (2011) I was so sad reading it.
>>>>
>>>> Therefore if was wondering how can I collaborate? I'm a Software
>>>> Developer in my bones :)  so I do have some ideas and I would like to see
>>>> what you guys think about it
>>>>
>>>> 1.Document it, document it and document it. This is a key step. If we
>>>> start writting about it in our blogs and in  a official site we can show
>>>> the value added of ESAPI.
>>>> 2.Create a repository at GitHub
>>>> 3.Create a NuGet Package and make it available.
>>>> 4.Extend it to make sure we are covering new technologies like MVC
>>>> (well it is not new  but let's say that the industry is adopting it) and
>>>> Web API.
>>>>
>>>> What do you think about it? I'm very interested in collaborate.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>  *Michael Hidalgo.
>>>> OWASP Chapter Leader & Researcher*
>>>>
>>>> *Blog: http://michaelhidalgocr.blogspot.com*
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Esapi-user mailing list
>>>> Esapi-user at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>>>
>>>>
>>>
>>>
>>> --
>>> Chris Schmidt
>>>
>>> OWASP ESAPI Developer
>>> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>>>
>>> Check out OWASP ESAPI for Java
>>> http://code.google.com/p/owasp-esapi-java/
>>>
>>> OWASP ESAPI for JavaScript
>>> http://code.google.com/p/owasp-esapi-js/
>>>
>>> Yet Another Developers Blog
>>> http://yet-another-dev.blogspot.com
>>>
>>> Bio and Resume
>>> http://www.digital-ritual.net/resume.html
>>>
>>> _______________________________________________
>>> Esapi-user mailing list
>>> Esapi-user at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>>
>>>
>> _______________________________________________
>> Esapi-user mailing list
>> Esapi-user at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20130624/06bec566/attachment.html>


More information about the Esapi-user mailing list