[Owasp-denver] [Invitation] Denver OWASP Meeting: The ASP .NET ESAPI Project @ Wed Oct 15 6pm – 8pm (owasp-denver at lists.owasp.org)

dcampbell dcampbell dcampbell at owasp.org
Wed Oct 8 17:38:35 EDT 2008

owasp-denver at lists.owasp.org, you are invited to

Title: Denver OWASP Meeting: The ASP .NET ESAPI Project
Time: Wed Oct 15 6pm – 8pm (Timezone: Mountain Time)
Where: Raytheon Polar Services, 7400 S. Tucson Way, Centennial CO 80112
Calendar: owasp-denver at lists.owasp.org
Description: Centralized Security Functionality In a .NET World

The OWASP .NET ESAPI Project The Enterprise Security Application  
Programming Interface, or ESAPI, is a one-stop security shop for developers  
looking to implement security mechanisms in their code. The brainchild of  
Jeff Williams, one of the founders of OWASP, the ESAPI is an open source  
project that has gained traction with organizations looking to implement  
secure applications using tried and tested code that is also well organized  
and consistent. It includes functionality for validating and encoding data,  
authenticating and authorizing users, logging, error handling, and more.  
The API includes a Java reference implementation that can be extended to  
allow any organization to integrate security functionality into their  
Java/JEE applications.

But what about .NET? Many organizations are banking on the powerful  
Microsoft programming framework to help them deliver robust and secure  
software. However, like Java, .NET tends to leave it up to the end-user  
programmers to get security code right. The OWASP .NET ESAPI project  
intends to help .NET developers avoid introducing security vulnerabilities  
into their code by providing a full port of the original ESAPI project from  
Java to C#.

This talk, delivered by the leader of the .NET ESAPI project Alex Smolen,  
will explore the gains, gripes, and gotchas of converting the ESAPI to .NET  
from the .NET ESAPI project lead himself. It will discuss features of  
the .NET frameworks security model, key differences between the Java  
and .NET platforms, and ASP.NET web security issues. Additionally, future  
ideas for .NET specific functionality will be proposed and discussed.  
Participation and feedback from the attendees is expected and encouraged.

More information is at http://www.owasp.org/index.php/Denver


David Campbell

NOTE: if Wednesday or Centennial won't work for you, Alex will be  
presenting on Tuesday, 14 Oct in Broomfield. See link below for details:  

You can view this event at  

You are receiving this courtesy email at the account  
owasp-denver at lists.owasp.org because you are an attendee of this event.

To stop receiving future notifications for this event, decline this event.  
Alternatively you can sign up for a Google account at  
http://www.google.com/calendar/ and control your notification settings for  
your entire calendar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-denver/attachments/20081008/5aad8265/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/calendar
Size: 3290 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-denver/attachments/20081008/5aad8265/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: invite.ics
Type: application/ics
Size: 3290 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-denver/attachments/20081008/5aad8265/attachment-0001.bin 

More information about the OWASP-DENVER mailing list