[Esapi-user] How can I collaborate in ESAPI.Net

Michael Hidalgo michael.hidalgo at owasp.org
Mon Jun 24 11:09:10 UTC 2013


Hi guys,
Thanks for all your comments here. I do agree it would be great to set
a roadmap around it. I can speak about the .NET world, specifically about
the StackOverflow link posted earlier, where to me it would be great to
have better documentation about the usage so people can see the value
added, and also to make it available in the current repository NuGet.

Thanks.



On Mon, Jun 24, 2013 at 5:03 AM, vanderaj vanderaj <vanderaj at owasp.org> wrote:

> Ooh, freudian slip!
>
> s/"I think we should throw away"/"I don't think we should throw away"/g
>
> My bad!
>
> thanks
> Andrew
>
>
> On Mon, Jun 24, 2013 at 9:02 PM, vanderaj vanderaj <vanderaj at owasp.org> wrote:
>
>> I think a meeting should be organized to discuss if it's worthwhile. I
>> think we should throw away years of work by many people just because some
>> of it is not to certain tastes.
>>
>> I'm pretty busy looking after the OWASP Developer Guide, I've got a new
>> draft of the ASVS in the works, and I'm mentoring a GSoC PHP Security
>> student, so ... I think I'd rather help by discussing and stepping back and
>> letting those with energy take over, which is how a good meritocracy should
>> be run.
>>
>> thanks
>> Andrew
>>
>>
>> On Mon, Jun 24, 2013 at 7:52 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>>> Apologies Andrew..guess got confused with the language ;-)
>>>
>>> so, are you suggesting to reactivate ESAPI and make integration easier
>>> or allocate developers to work on third party frameworks?
>>>
>>> Fabio
>>>
>>> Sent from my iPhone
>>>
>>> On 24 Jun 2013, at 10:37, vanderaj vanderaj <vanderaj at owasp.org> wrote:
>>>
>>> I can give a hand in the ESAPI for PHP port, but I'm not in charge of
>>> the .NET port by any stretch of the imagination. All the ESAPI leaders
>>> should sit down and work out a game plan, as I believe that ESAPI 2.x went
>>> too far into J2EE idiom, which makes it a hard target for other languages,
>>> such as JavaScript, Objective C, PHP and .NET.
>>>
>>> It'd be really good if we could also deliberately work on changing the
>>> world, by working to adopt a major framework, like Zend or Spring or Drupal
>>> or Grails or ..., so as to include ESAPI's capabilities as their native
>>> security solution.
>>>
>>> Driving real world adoption will work out the theory kinks. For example,
>>> I've tried helping my customers to adopt ESAPI 2.x on a large old Java
>>> project, and it's not as easy as including a JAR file and then starting to
>>> use it as you need it, you need to start adopting the whole thing, which is
>>> simply infeasible in older software. I don't think that is a realistic plan
>>> for most software. So let's get in there and help some real world
>>> frameworks get way better, and make it known that ESAPI is open for
>>> adoption in any other framework.
>>>
>>> thanks
>>> Andrew
>>>
>>>
>>> On Mon, Jun 24, 2013 at 7:23 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>>
>>>> Chris
>>>>
>>>> is Andrew still in charge of this project?
>>>>
>>>> I've been approached by a few .Net developers who are interested to
>>>> reactivate ESAPI .Net.
>>>>
>>>> Thanks
>>>> Fabio
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 23 Jun 2013, at 00:58, Chris Schmidt <chrisisbeef at gmail.com> wrote:
>>>>
>>>> Michael - thanks for your interest and enthusiasm. The general
>>>> consensus for the last year or two has been that the need for ESAPI.Net
>>>> has dwindled as a result of the controls that are part of modern .Net. I
>>>> would be interested to hear any compelling arguments you have against this
>>>> however, as I do believe that ESAPI can co-exist with these existing
>>>> controls, there just hasn't been anyone to own this idea and prove it out.
>>>>
>>>> Thanks!
>>>>
>>>> Chris Schmidt
>>>>
>>>>
>>>> On Thu, Jun 20, 2013 at 8:07 PM, Michael Hidalgo <
>>>> michael.hidalgo at owasp.org> wrote:
>>>>
>>>>> Hi Folks, greetings from the beautiful Costa Rica!
>>>>>
>>>>> First of all, sorry if this is a recurrent question but I just
>>>>> subscribed to the mailing list. I wonder what is the current status of
>>>>> ESAPI.NET project?
>>>>>
>>>>> I was looking at the following thread at StackOverflow
>>>>> http://stackoverflow.com/questions/4318410/is-esapi-net-a-dead-project ,
>>>>> and even when the post is old (2011) I was so sad reading it.
>>>>>
>>>>> Therefore I was wondering how can I collaborate? I'm a Software
>>>>> Developer in my bones :) so I do have some ideas and I would like to see
>>>>> what you guys think about it
>>>>>
>>>>> 1. Document it, document it and document it. This is a key step. If we
>>>>> start writing about it in our blogs and in an official site we can show
>>>>> the value added of ESAPI.
>>>>> 2. Create a repository at GitHub
>>>>> 3. Create a NuGet Package and make it available.
>>>>> 4. Extend it to make sure we are covering new technologies like MVC
>>>>> (well it is not new but let's say that the industry is adopting it) and
>>>>> Web API.
>>>>>
>>>>> What do you think about it? I'm very interested in collaborating.
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>  *Michael Hidalgo.
>>>>> OWASP Chapter Leader & Researcher*
>>>>>
>>>>> *Blog: http://michaelhidalgocr.blogspot.com*
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Esapi-user mailing list
>>>>> Esapi-user at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/esapi-user
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Chris Schmidt
>>>>
>>>> OWASP ESAPI Developer
>>>> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>>>>
>>>> Check out OWASP ESAPI for Java
>>>> http://code.google.com/p/owasp-esapi-java/
>>>>
>>>> OWASP ESAPI for JavaScript
>>>> http://code.google.com/p/owasp-esapi-js/
>>>>
>>>> Yet Another Developers Blog
>>>> http://yet-another-dev.blogspot.com
>>>>
>>>> Bio and Resume
>>>> http://www.digital-ritual.net/resume.html
>>
>


-- 

 *Michael Hidalgo.
OWASP Chapter Leader & Researcher*

*Blog: http://michaelhidalgocr.blogspot.com*