[OWASP-ESAPI] ESAPI Project Status (all languages)

Jeff Williams jeff.williams at owasp.org
Mon Mar 16 22:40:02 EDT 2009

Juan, this is fantastic progress. Please keep us posted!  I'd like to get a
status from all the various different language implementations. Here's what
I currently know about...

Java (moving)
Classic ASP (moving)
PHP (moving)
.NET (need status)
Haskell (need status)
Cold Fusion (stalled)

We need to get the code for all of this into a repository (I suggest Google
Code) and work towards a regular release cycle.



> -----Original Message-----
> From: Juan C Calderon [mailto:johnccr at yahoo.com]
> Sent: Monday, March 16, 2009 4:03 AM
> To: Classic ASP Security OWASP
> Cc: Paulo Coimbra; Jeff Williams
> Subject: I could not finish
> Hello List/Paulo
> Due to a sticky and annoying error related to .NET/COM interoperability
> and IIS I slipped and was not able to finish as planned. However the
> progress so far is very good
> Here is the current status (notice I am also attaching the source code
> and  Classic ASP page implementing most of the classess in ESAPI).
> AccessController - 100%
> AcessReferenceMap - 0% (Not working)
> Authenticator - 50% (some parameters are very .NET specific and are
> hard to marshall) Encoder - 100% EncryptedProperties - 100% Encryptor -
> 100% Executor - 50% (some parameters are very .NET specific and are
> hard to marshall) HttpUtilities - 30% (This class is specially
> difficult due to its tight integration with .NET specific HTTPRequest
> objects) IntrusionDetector - 100% Logger - 50% (Some functions missing
> due to integration with native .NET objects) Randomizer - 100% SafeFile
> - 0% SecurityConfiguration - 100% Validator 65%
> AccessReferenceMap, Executor and SafeFile are small components and I
> think I can have them running by tomorrow night. But we will still miss
> parts of Authenticator, HTTPUtilities and Validator.
> Anyway, it was great advance since Portugal as there 3 classes were
> working partially and the others wer not working at all. Now All are
> working but 3 will be working partially :)
> PS. I am also copying Jeff as I think he might be interested in the
> advance of the project.
> Regards,
> Juan Carlos

More information about the OWASP-ESAPI mailing list