[Owasp-appsensor-project] ESAPI WAF Contribution

Ryan Barnett ryan.barnett at owasp.org
Tue Feb 14 14:03:24 UTC 2012

I thought that the ESAPI WAF code was being removed and separated out to
the OWASP-JAVA-WAF project -

How do these two relate?


On 2/13/12 9:11 PM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

>Looping in the AppSensor team...
>Michael, John, Colin, et al,
>On Thu, Feb 2, 2012 at 1:45 PM, James Manico <jim at manico.net> wrote:
>> Looping in ESAPI leads...
>> --
>> Jim Manico
>> VP, Security Architecture
>> WhiteHat Security
>> (808) 652-3805
>> On Feb 2, 2012, at 8:42 AM, Jon Gill <jagill.vt at gmail.com> wrote:
>> Hi Arshan & Jim,
>> Roger and I had committed a contribution for ESAPI WAF back in August
>> I was just pinging you both in case you had not seen it.
>> http://code.google.com/p/owasp-esapi-java/issues/detail?id=244
>> Thanks!
>> Jon
>Can you take a look at this work that Jon Gill and Roger Seagle
>did regarding the extending ESAPI WAF and make sure that it is still
>compatible with using AppSensor within ESAPI? I'm not sure
>I could make an accurate assessment without diving significantly
>into AppSensor. The changes to ESAPI WAF is limited to these 6
>ESAPI source files:
>    src/main/java/org/owasp/esapi/waf/rules/Rule.java
>    src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
>If these changes are not compatible with using AppSensor with ESAPI, would
>this be something that maybe the AppSensor gang would be interested in
>considering with a similar extension?
>Blog: http://off-the-wall-security.blogspot.com/
>"The most likely way for the world to be destroyed, most experts agree,
>is by accident. That's where we come in; we're computer professionals.
>We *cause* accidents."        -- Nathaniel Borenstein
>Owasp-appsensor-project mailing list
>Owasp-appsensor-project at lists.owasp.org

More information about the Owasp-appsensor-project mailing list