[Owasp-leaders] Fwd: Getting in touch with the leader ?

Jim Manico jim.manico at owasp.org
Thu Mar 28 14:08:34 UTC 2013


One core requirement for "project health" is how well it is maintained.

Because ESAPI has not been updated since July 2012 and there exists a
number of significant bugs, I no longer recommend ESAPI nor do I consider
it a flagship project (at all). This is just my personal opinion as a
volunteer, not official board communication.

For Java, I recommend a combination of:

1) Apache Shiro (for AuthN/AuthZ)
2) OWASP Java Encoder (XSS Defense)
3) OWASP HTML Sanitizer (AntiSamy like functionality)
4) OWASP JSON Sanitizer (Safe JSON Parsing and Sanitization)

All of these are high performance and well maintained (ie: bugs get fixed
fast).

My 2 cents,
--
Jim Manico
@Manicode
(808) 652-3805

On Mar 28, 2013, at 7:18 AM, Samantha Groves <samantha.groves at owasp.org>
wrote:

Hello All,

Chris Schmidt & Kevin Wall are both co-leading this project at the moment.
A few months ago, we put together a proposal for funding from the DHS that
included a management and technical management roadmap that we submitted
for funding. We have been waiting for a decision.

I have just gotten word from DHS that funding for their programs has now
been approved for 2013. The last I heard is that our ESAPI Project proposal
was in round two of reviews. In answer to your questions, ESAPI is not
dead, we were just placed at a halt after our proposal was submitted to
DHS.

I hope this clears thing up. Let me know if you have questions, concerns,
etc.

Cheers now, All.

SG

On Thu, Mar 28, 2013 at 11:27 AM, vanderaj vanderaj <vanderaj at owasp.org>wrote:

> I thought that Chris Schmidt had taken over the helm of ESAPI?
>
> thanks,
> Andrew
>
>
> On Thu, Mar 28, 2013 at 9:11 PM, Sebastien Gioria <
> sebastien.gioria at owasp.org> wrote:
>
>> No news from anyone ? Is ESAPI dev definitively dead ?
>>
>> I'm in touch with a new potential big corporate member who has
>> integrate ESAPI in his product and have problem. Any value for them
>> before making they membership could be the OWASP capacity to be in
>> touch with the leader of the ESAPI Java.
>>
>> We (France) are in touch with them to Host the First OWASP France Day
>> and many more other opportunity.
>>
>> It's really a big reference for OWASP if we have it.
>>
>> Thanks.
>>
>>
>> ---------- Forwarded message ----------
>> From: Sebastien Gioria <sebastien.gioria at owasp.org>
>> Date: 2013/3/26
>> Subject: Getting in touch with the leader ?
>> To: owasp-esapi-dev <owasp-esapi-dev at owasp.org>
>> Cc : Jeff Williams <jeff.williams at owasp.org>
>>
>>
>> Hi guys,
>>
>> I'm not sure Jeff is always the leader of the JavaEE ESAPI project,
>> and I need to be in touch with the leader of the project for some
>> related presentations and experiences exchange with a big french
>> company.
>>
>> Thanks in advance
>>
>>
>> --
>> OWASP French Chapter Leader
>> GSM: +33 6 70 59 11 44
>>
>>
>> --
>> OWASP French Chapter Leader
>> GSM: +33 6 70 59 11 44
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 

*Samantha Groves, MBA*****

*OWASP Project Manager*

*
*

The OWASP Foundation

Lisbon, Portugal

Email: samantha.groves at owasp.org

Skype: samanthahz


OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application
Form<https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE6MQ#gid=0>



 _______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130328/492f47a0/attachment.html>


More information about the OWASP-Leaders mailing list