[Java-project] Fwd: ProfilingSecurityManager as an OWASP Java project

Stephen de Vries stephen at corsaire.com
Thu Jan 18 09:35:32 EST 2007


Mark Petrovic, the author of the article on discovering a Java  
application's security requirements
http://www.onjava.com/pub/a/onjava/2007/01/03/discovering-java- 
security-requirements.html

Has kindly granted permission to include the article contents and the  
source code on the OWASP Java site.  The code is fully functional and  
makes it really easy to discover and create a security policy  
tailored to a specific application.
Any volunteers for moving this onto the wiki?

regards,
Stephen


Begin forwarded message:

> From: "Mark Petrovic" <mspetrovic at gmail.com>
> Date: 18 January 2007 21:17:08 GMT+07:00
> To: "Stephen de Vries" <stephen at corsaire.com>
> Subject: Re: ProfilingSecurityManager as an OWASP Java project
>
> Ok.  Go ahead and give it a go.  Please let me know when the work  
> is posted.
>
> Mark
>
> On 1/17/07, Stephen de Vries < stephen at corsaire.com> wrote:
> On 17 Jan 2007, at 22:44, Mark Petrovic wrote:
>
> > The article that I would recommend using would be the OnJava
> > version.  The blog entry has some issues, and I'll likely remove it
> > soon.
> >
> > This is the best reference
> >
> > http://www.onjava.com/pub/a/onjava/2007/01/03/discovering-java-
> > security-requirements.html
> >
> > If someone wants to reformat it for use on your site, I would be
> > open to that.  However, I would insist on seeing that version
> > before it is available to the public, and would retain the  right
> > to withdraw the offer if it doesn't look right.
>
> Yep, that's fine.
> >
> > Too bad you can't just use the link to the OnJava work.  Am I
> > missing something?
>
> It's the difference between a static page and a wiki that can be
> changed by any of the project members.  So while we will always
> attribute the original content to you (and link to the onjava
> article), the content as posted to the wiki can change over time.
> This would allow it to improve and for users to refine the article
> and the code (maybe by using a 100% pure java solution instead of
> requiring perl, etc.).
>
> regards,
> Stephen
>
> >
> > Mark
> >
> > On 1/17/07, Stephen de Vries < stephen at corsaire.com> wrote:
> > OWASP is entirely volunteer and community driven, so we could more
> > than likely find someone who can reformat your existing blog entry
> > into mediawiki format and post it to the OWASP site.  No work from
> > you required, other than granting permission ;)
> >
> > Stephen
> >
> > On 17 Jan 2007, at 22:14, Mark Petrovic wrote:
> >
> > > Thank you for the encouragement and offer.  I am happy to post al
> > > link about the paper, but I've sort of "written" it three times
> > > now:  once on my blog in full, the second on the Grails site, and
> > > the third for OnJava.  I'm sort of exhausted on the subject.
> > >
> > > Is there something lesser I can do?
> > >
> > > Mark
> > >
> > > On 1/17/07, Stephen de Vries < stephen at corsaire.com > wrote:
> > > Hi,
> > >
> > > Would you be interested in posting your excellent article:
> > > Discovering a Java Application's Security Requirements as an  
> article
> > > on the OWASP Java site?
> > > http://www.owasp.org/index.php/OWASP_Java_Project
> > >
> > > This type of functionality was something we wanted to build as  
> part
> > > of the project.
> > >
> > > regards,
> > >
> > > --
> > > Stephen de Vries
> > > Corsaire Ltd
> > > E-mail: stephen at corsaire.com
> > > Tel:    +44 1483 226014
> > > Fax:    +44 1483 226068
> > > Web:     http://www.corsaire.com
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >  
> ----------------------------------------------------------------------
> > > CONFIDENTIALITY:  This e-mail and any files transmitted with it  
> are
> > > confidential and intended solely for the use of the recipient(s)
> > only.
> > > Any review, retransmission, dissemination or other use of, or  
> taking
> > > any action in reliance upon this information by persons or  
> entities
> > > other than the intended recipient(s) is prohibited.  If you have
> > > received this e-mail in error please notify the sender immediately
> > > and destroy the material whether stored on a computer or  
> otherwise.
> > >
> >  
> ----------------------------------------------------------------------
> > > DISCLAIMER:  Any views or opinions presented within this e-mail  
> are
> > > solely those of the author and do not necessarily represent those
> > > of Corsaire Limited, unless otherwise specifically stated.
> > >
> >  
> ----------------------------------------------------------------------
> > > Corsaire Limited, registered in England No. 3338312. Registered
> > > office: 3 Tannery House, Tannery Lane, Send, Surrey, GU23 7EF.
> > > Telephone: +44 (0)1483-226000
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Mark
> >
> > --
> > Stephen de Vries
> > Corsaire Ltd
> > E-mail: stephen at corsaire.com
> > Tel:    +44 1483 226014
> > Fax:    +44 1483 226068
> > Web:     http://www.corsaire.com
> >
> >
> >
> >
> >
> >
> >
> > --
> > Mark
>
> --
> Stephen de Vries
> Corsaire Ltd
> E-mail: stephen at corsaire.com
> Tel:    +44 1483 226014
> Fax:    +44 1483 226068
> Web:    http://www.corsaire.com
>
>
>
>
>
>
>
> -- 
> Mark

-- 
Stephen de Vries
Corsaire Ltd
E-mail: stephen at corsaire.com
Tel:	+44 1483 226014
Fax: 	+44 1483 226068
Web: 	http://www.corsaire.com






More information about the Java-project mailing list