[GPC] [GPC-Mailbox] Regarding ESAPI PHP

Jason Li jason.li at owasp.org
Tue Oct 25 12:32:18 EDT 2011


John,

Unfortunately, the Global Projects Committee is not involved in each OWASP
project at a low technical level, so I can't personally address your
questions regarding the project.

My understanding is that the ESAPI PHP project is still in nascent
development. Other languages (such as Java) are currently *much more*
mature.

I've CC-ed the ESAPI PHP team who can hopefully address your specific
concerns.

-Jason

On Tue, Oct 25, 2011 at 9:27 AM, John <john at everwebby.com> wrote:

> Hello OWASP,
>
> I am writing you in regards to the OWASP ESAPI PHP project. I have been
> trying to implement this project into my own project for the last 4 days,
> but have not been successful in the least bit.
>
> First, being unfamiliar with svn's, I had difficulty in downloading, but
> after finding a svn downloading software, I was able to manage. After
> getting everything uploaded to my server, I did not know what to do next.
> I then navigated to the samples folder which had two sub folders, Hello and
> Swingset, both of which were empty. Then I went to Google, and found the
> Swingset, uninstalled the previous and uploaded Swingset.
>
> Read through the examples, and exploits that were supposed to happen, did
> not always happen. Pages that claimed to be secure and insecure, appeared to
> be just the opposite. I am not even sure if I am set up correctly and to
> adapt a new security app in my development which I am not confident about,
> surely does not help me to feel more secure about my application.
>
> I am new to object oriented programming and have been writing procedural
> apps for years, but I think the documentation could certainly use
> improvement. It would seem at this point, that simply using HTML PURIFIER,
> regex, flagging 404's and incomplete MySQL queries would be more complete
> at this point.
>
> PS: If I am missing something here, please let me know.
>
> John Pelsang
> Everwebby LLC
> 302-857-0179
>