[Owasp-leaders] OWASP ESAPI Project Status

Dinis Cruz dinis.cruz at owasp.org
Sat Mar 29 12:40:16 UTC 2014


I think this is a great step for ESAPI which maybe will help it (ESAPI) to
have a much more realistic and achievable focus.

Kudos to Kevin for doing this and allowing the correct mapping of ESAPI

I've written (in 2010, 2011) about my views about ESAPI and where it should
go (i.e. ESTAPI):

   - The ESTAPI idea <http://blog.diniscruz.com/2011/06/estapi-idea.html>
   - A couple more comments on ESAPI and ESTAPI <http://blog.diniscruz.com/2010/01/couple-more-comments-on-esapi-and.html>
   - Recommending ESAPI? <http://blog.diniscruz.com/2010/01/recommending-esapi.html>


And in case you missed these, recently (2013) I was able to consume ESAPI
java from .NET (i.e. the O2 Platform)

   - Loading OWASP ESAPI jar and its dependencies from C# (using jni4net) <http://blog.diniscruz.com/2013/03/loading-owasp-esapi-jar-and-its.html>
   - View ESAPI 11 Encodings methods in real-time via an ASP.NET Web Page <http://blog.diniscruz.com/2013/06/view-esapi-11-encodings-methods-in-real.html>
   - Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net) <http://blog.diniscruz.com/2013/06/another-step-in-use-of-esapi-and.html>
   - First execution of ESAPI.jar Encoder methods from O2's C# REPL <http://blog.diniscruz.com/2013/05/first-execution-of-easpijar-encoder.html>


Btw, I still think ESAPI is a great idea and something that just about all
frameworks and companies need (i.e. an Enterprise Security API).

The problem was that OWASP's community tried to be a 'professional
development org', which is something that (with some minor exceptions) we
are not capable of. Organisations/groups like http://shiro.apache.org/ are
much more suited for that type of 'mission critical development'

Dinis



On 29 March 2014 06:08, Jim Manico <jim.manico at owasp.org> wrote:

> Why you should no longer use the OWASP ESAPI project, why you should not
> be recommending the OWASP ESAPI project, and why the OWASP ESAPI project is
> not deserving of flagship status.
>
> http://off-the-wall-security.blogspot.in/2014/03/esapi-no-longer-owasp-flagship-project.html
>
> - Jim