[Owasp-germany] Apache Shiro

Torsten Gigler torsten.gigler at owasp.org
Tue Jul 16 09:33:23 UTC 2013

Hello Dirk,

ask Jim (see mail)


---------- Forwarded message ----------
From: Jim Manico <jim.manico at owasp.org>
Date: 2013/3/28
Subject: Re: [Owasp-leaders] Fwd: Getting in touch with the leader ?
To: Samantha Groves <samantha.groves at owasp.org>
Cc: Owasp leaders <owasp-leaders at lists.owasp.org>

One core requirement for "project health" is how well it is maintained.

Because ESAPI has not been updated since July 2012 and there exists a
number of significant bugs, I no longer recommend ESAPI nor do I consider
it a flagship project (at all). This is just my personal opinion as a
volunteer, not official board communication.

For Java, I recommend a combination of:

1) Apache Shiro (for AuthN/AuthZ)
2) OWASP Java Encoder (XSS Defense)
3) OWASP HTML Sanitizer (AntiSamy like functionality)
4) OWASP JSON Sanitizer (Safe JSON Parsing and Sanitization)

All of these are high performance and well maintained (ie: bugs get fixed

My 2 cents,
Jim Manico
(808) 652-3805

2013/7/16 Dirk Wetter <dirk.wetter at owasp.org>

> Hi all,
> Can anyone say something about Apache Shiro? Is it any good, is it interesting?
> Best regards,
> Dirk Wetter
> --
> German OWASP Board, Conference Chair AppSec EU 2013
> http://appsec.eu/       |                 @appseceu
> skype://drwetter.de     |      tel:+49-40-2442035-1