[OWASP-ESAPI] ESAPI PHP not complete

Boberski, Michael [USA] boberski_michael at bah.com
Wed Apr 15 08:31:39 EDT 2009

FYI, re: PHP 5.X, I updated the PHP readme on the ESAPI project page.
Please let me know if/as updates to the PHP ESAPI readme/release notes
need to be made, or please make the updates when necessary if you have
the cycles.

Mike B.

-----Original Message-----
From: owasp-esapi-bounces at lists.owasp.org
[mailto:owasp-esapi-bounces at lists.owasp.org] On Behalf Of Linden Darling
Sent: Tuesday, April 14, 2009 10:01 PM
To: owasp-esapi at lists.owasp.org
Subject: Re: [OWASP-ESAPI] ESAPI PHP not complete

Hi Nilesh,

As per the ESAPI4PHP wiki on the OWASP website
(http://www.owasp.org/index.php/ESAPI#tab=PHP), there has not yet been a
release of ESAPI4PHP. Release 0.1 is anticipated for May 2009 (i.e. next
month). I believe Andrew is aiming to have releases ready in conjunction
with OWASP conferences and since OWASP AppSec Europe is May 13th-14th
I'd say the chances are good that 0.1 will be released by then.

Note to all: The ESAPI4PHP wiki page states 'PHP 4.1.0 or higher is
required.', however PHP 5.X (latest stable release is 5.2.9-2) is
required as SPL is already in use (e.g. EnterpriseSecurityException
extends Exception). There's also a push to start preparing the code for
5.3 since its release is nigh and it will allow the use of new features
such as namespaces.


Linden Darling
JDS Australia


Message: 1
Date: Tue, 14 Apr 2009 15:25:26 +0530
From: "Nilesh Kumar (India)" <Nilesh.Kumar at sdgc.com>
Subject: [OWASP-ESAPI] ESAPI PHP not complete
To: <owasp-esapi at lists.owasp.org>, <jeff.williams at owasp.org>,	"Andrew
	van der Stock" <vanderaj at owasp.org>
<B3A4B574404BA3449A74A5B78B5F259469B497 at sdgind015.india.sdgc.com>
Content-Type: text/plain; charset="us-ascii"

Hi All,


     I was devising ESAPI for PHP in my sample web application to test
the effectiveness of the API. I chose some basic functions like
encodeforHTML, encodeforHTMLAttribute etc but found that these as well
as other functions simply have just skeletons, there's no coding
implemented inside them.


Can you tell me which methods/functions are ready for implementing in
PHP projects and when rest are supposed to be completed?

Your response will be highly appreciated.



Nilesh Kumar CEH ISMS LA

Security Specialist

Governance,Risk &  Compliance (GRC)


SDG Software India Pvt. Ltd. 
A-10, Sector 2,NOIDA 201301, (UP), INDIA
Website: www.sdgc.com 

Please Note: The e-mail content is intended for the sole use of the
intended recipient/s and may contain material that is CONFIDENTIAL AND
PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying
or distribution or forwarding of any or all of the contents in this
message is STRICTLY PROHIBITED. If you have erroneously received this
message, please delete it immediately and notify the sender. Before
opening any attachments please check them for viruses and defects.


-------------- next part --------------
An HTML attachment was scrubbed...


OWASP-ESAPI mailing list
OWASP-ESAPI at lists.owasp.org

End of OWASP-ESAPI Digest, Vol 19, Issue 11
OWASP-ESAPI mailing list
OWASP-ESAPI at lists.owasp.org

More information about the OWASP-ESAPI mailing list