[Owasp-leaders] OWASP Secure Coding Track: Actions from 01/24/11 at 8:30EST

John Wilander john.wilander at owasp.org
Wed Jan 26 19:43:17 EST 2011

2011/1/25 Jim Manico <jim.manico at owasp.org>

> I think we need to split up ESAPI into different usable modules : like a
> stand alone encoder, a stand alone validator, a stand alone crypto
> module, etc. ESAPI is pretty bulky, with 80+ dependencies and counting.
> I think we need more modules, fewer dependencies and fewer new features....

I agree. It's hard convincing customers to plug in volumes of code. ESAPI
discussions in my experience start up as small problems, for instance in
validating input somewhere. If I could plug in the validator part of ESAPI
the customer could start there, gain confidence in the quality and come back
for more when it's time.

AntiSamy has been easier to get into projects because it's coherent and
relatively small. "Ah, so we add that Maven dependency, pick a policy and
start filtering? Good. We'll try that."

(I'm not a guru on ESAPI or AntiSamy, these are just my nuggets of
experience with them)


John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
Conf Comm,
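The three-step AntiSamy integration described in the message above (add the Maven dependency, pick a policy, start filtering), written out as an added example. This code is not part of the original thread and is not AntiSamy's or ESAPI's own code; it assumes the sample policy file antisamy-slashdot.xml that ships with AntiSamy has been placed on the application classpath, and the HTML input is a constructed sample.

```java
// Added example, not from the original thread.
// Step 1: the Maven dependency (version left out; use the current release):
//   <dependency>
//     <groupId>org.owasp.antisamy</groupId>
//     <artifactId>antisamy</artifactId>
//     <version>...</version>
//   </dependency>
import java.io.InputStream;
import java.util.List;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class AntiSamyFilter {

    private final AntiSamy antiSamy = new AntiSamy();
    private final Policy policy;

    // Step 2: pick a policy. Assumption: the sample antisamy-slashdot.xml
    // shipped with AntiSamy is on this application's classpath. The policy
    // is parsed once and reused; parsing it per request would be wasteful.
    public AntiSamyFilter(String policyResource) throws PolicyException {
        InputStream in = AntiSamyFilter.class.getResourceAsStream(policyResource);
        if (in == null) {
            throw new IllegalArgumentException(
                    "policy not found on classpath: " + policyResource);
        }
        this.policy = Policy.getInstance(in);
    }

    // Step 3: filter. The returned CleanResults carries both the sanitized
    // markup (what goes to the page) and the list of elements/attributes the
    // policy rejected (useful as a log signal, not as a reason to block).
    public CleanResults filter(String untrustedHtml)
            throws ScanException, PolicyException {
        return antiSamy.scan(untrustedHtml, policy, AntiSamy.DOM);
    }

    public static void main(String[] args) throws Exception {
        AntiSamyFilter filter = new AntiSamyFilter("/antisamy-slashdot.xml");

        // Constructed sample input: benign formatting mixed with an
        // injection attempt via a script element, a javascript: URL and
        // an inline event handler.
        String untrusted = "<b>Hello</b> <a href=\"javascript:alert(1)\">click</a>"
                + "<script>document.cookie</script>"
                + "<p onclick=\"evil()\">text</p>";

        CleanResults result = filter.filter(untrusted);
        System.out.println("clean HTML : " + result.getCleanHTML());
        System.out.println("rejected   : " + result.getNumberOfErrors());
        List<String> errors = result.getErrorMessages();
        for (String e : errors) {
            System.out.println("  - " + e);
        }
    }
}
```

What survives the scan is decided entirely by the policy file, which is the point John makes about "pick a policy": a team can start with one of the shipped samples, read the rejection messages for a while, and tighten or loosen the XML before widening the rollout.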
