[OWASP-ESAPI] ESAPI PHP not complete

Linden Darling Linden.Darling at jds.net.au
Tue Apr 14 22:01:16 EDT 2009


Hi Nilesh,

As per the ESAPI4PHP wiki on the OWASP website
(http://www.owasp.org/index.php/ESAPI#tab=PHP), there has not yet been a
release of ESAPI4PHP. Release 0.1 is anticipated for May 2009 (i.e. next
month). I believe Andrew is aiming to have releases ready in conjunction
with OWASP conferences and since OWASP AppSec Europe is May 13th-14th
I'd say the chances are good that 0.1 will be released by then.

Note to all: The ESAPI4PHP wiki page states 'PHP 4.1.0 or higher is
required.', however PHP 5.X (latest stable release is 5.2.9-2) is
required as SPL is already in use (e.g. EnterpriseSecurityException
extends Exception). There's also a push to start preparing the code for
5.3 since its release is nigh and it will allow the use of new features
such as namespaces.

Regards,

Linden Darling
JDS Australia

----------------------------------------------------------------------

Message: 1
Date: Tue, 14 Apr 2009 15:25:26 +0530
From: "Nilesh Kumar (India)" <Nilesh.Kumar at sdgc.com>
Subject: [OWASP-ESAPI] ESAPI PHP not complete
To: <owasp-esapi at lists.owasp.org>, <jeff.williams at owasp.org>,	"Andrew
	van der Stock" <vanderaj at owasp.org>
Message-ID:
	
<B3A4B574404BA3449A74A5B78B5F259469B497 at sdgind015.india.sdgc.com>
Content-Type: text/plain; charset="us-ascii"

Hi All,

 

     I was devising ESAPI for PHP in my sample web application to test
the effectiveness of the API. I chose some basic functions like
encodeforHTML, encodeforHTMLAttribute etc but found that these as well
as other functions simply have just skeletons, there's no coding
implemented inside them.

 

Can you tell me which methods/functions are ready for implementing in
PHP projects and when rest are supposed to be completed?

Your response will be highly appreciated.

 

Regards,

Nilesh Kumar CEH ISMS LA

Security Specialist

Governance,Risk &  Compliance (GRC)
________________________________________________________________________


Cell:+91-9891524880 


SDG Software India Pvt. Ltd. 
A-10, Sector 2,NOIDA 201301, (UP), INDIA 
Website: www.sdgc.com 

Please Note: The e-mail content is intended for the sole use of the
intended recipient/s and may contain material that is CONFIDENTIAL AND
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying
or distribution or forwarding of any or all of the contents in this
message is STRICTLY PROHIBITED. If you have erroneously received this
message, please delete it immediately and notify the sender. Before
opening any attachments please check them for viruses and defects.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://lists.owasp.org/pipermail/owasp-esapi/attachments/20090414/4641a
1ce/attachment-0001.html 

------------------------------

_______________________________________________
OWASP-ESAPI mailing list
OWASP-ESAPI at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-esapi


End of OWASP-ESAPI Digest, Vol 19, Issue 11
*******************************************


More information about the OWASP-ESAPI mailing list