https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=AlexsmolenOWASP - User contributions [en]2026-05-02T02:28:33ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=GPC_Project_Details/OWASP_Enterprise_Security_API_.NET_Version&diff=136212GPC Project Details/OWASP Enterprise Security API .NET Version2012-09-20T17:15:50Z<p>Alexsmolen: </p>
<hr />
<div>{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude><br />
| project_name = OWASP ESAPI for .NET<br />
| project_description = This is the .NET language version of OWASP ESAPI. <br />
* The current release of this project '''is not''' suitable for production use<br />
* [http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio. Point your SVN tool at http://owasp-esapi-dotnet.googlecode.com/svn/trunk. Anonymous checkout is supported. You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
| project_license = [http://en.wikipedia.org/wiki/BSD_license BSD license]<br />
| leader_name = None<br />
| leader_email = <br />
| leader_username = <br />
| past_leaders_special_contributions = <br />
| maintainer_name = Michael Weber<br />
| maintainer_email = michael.weber35@gmail.com<br />
| maintainer_username = <br />
| contributor_name1 = Paul Apostolescu<br />
| contributor_email1 = apbogdan@gmail.com<br />
| contributor_username1 = <br />
| contributor_name2 = <br />
| contributor_email2 = <br />
| contributor_username2 = <br />
| contributor_name3 = <br />
| contributor_email3 = <br />
| contributor_username3 = <br />
| contributor_name4 = <br />
| contributor_email4 = <br />
| contributor_username4 = <br />
| contributor_name5 = <br />
| contributor_email5 = <br />
| contributor_username5 = <br />
| contributor_name6 = <br />
| contributor_email6 = <br />
| contributor_username6 = <br />
| contributor_name7 = <br />
| contributor_email7 = <br />
| contributor_username7 = <br />
| contributor_name8 = <br />
| contributor_email8 = <br />
| contributor_username8 = <br />
| contributor_name9 = <br />
| contributor_email9 = <br />
| contributor_username9 = <br />
| contributor_name10 = <br />
| contributor_email10 = <br />
| contributor_username10 = <br />
| pamphlet_link = <br />
| presentation_link = <br />
| mailing_list_name = esapi-dev-dotnet<br />
| links_url1 = http://code.google.com/p/owasp-esapi-dotnet/<br />
| links_name1 = ESAPI for .NET Google Code repository<br />
| links_url2 = http://owasp-esapi-dotnet.googlecode.com/files/Esapi.zip<br />
| links_name2 = Download the latest .NET ESAPI library binary from Google Code here. <br />
| links_url3 = http://owasp-esapi-dotnet.googlecode.com/files/Esapi_Documentation.zip<br />
| links_name3 = <br />
| links_url4 = <br />
| links_name4 = <br />
| links_url5 = <br />
| links_name5 = ESAPI .NET readme and release notes<br />
| links_url6 = <br />
| links_name6 = ESAPI for .NET design notes (Blog) <br />
| links_url7 = http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Downloads<br />
| links_name7 = General ESAPI information<br />
| links_url8 = <br />
| links_name8 = <br />
| links_url9 = <br />
| links_name9 = <br />
| links_url10 = <br />
| links_name10 = <br />
| project_road_map = <br />
| project_health_status = <br />
| current_release_name = <br />
| current_release_date = <br />
| current_release_download_link = <br />
| current_release_rating = <br />
| current_release_leader_name = <br />
| current_release_leader_email = <br />
| current_release_leader_username =<br />
| current_release_details = <br />
| last_reviewed_release_name = <br />
| last_reviewed_release_date = <br />
| last_reviewed_release_download_link = <br />
| last_reviewed_release_rating = <br />
| last_reviewed_release_leader_name = <br />
| last_reviewed_release_leader_email = <br />
| last_reviewed_release_leader_username = <br />
| old_release_name1 = <br />
| old_release_date1 = <br />
| old_release_download_link1 = <br />
| old_release_name2 = <br />
| old_release_date2 = <br />
| old_release_download_link2 = <br />
| old_release_name3 = <br />
| old_release_date3 = <br />
| old_release_download_link3 = <br />
| old_release_name4 = <br />
| old_release_date4 = <br />
| old_release_download_link4 = <br />
| old_release_name5 = <br />
| old_release_date5 = <br />
| old_release_download_link5 = <br />
| last_GPC_update = 4/10/2009<br />
| GPC_Notes = Empty template (.NET_Version)<br />
| project_home_page = :Category:OWASP_Enterprise_Security_API<br />
| project_details_wiki_page = GPC_Project_Details/OWASP_Enterprise_Security_API_.NET_Version<br />
}}</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Category:OWASP_Enterprise_Security_API&diff=66915Category:OWASP Enterprise Security API2009-07-30T03:10:15Z<p>Alexsmolen: </p>
<hr />
<div>{{ProjectTabs | <br />
Proj_About= <br />
<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
''OWASP Tools Project''<br />
<br />
'''Enterprise Security API (ESAPI)'''<br />
<br />
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers. Further development of ESAPI occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:jeff.williams@owasp.org contact us].<br />
<br />
'''ESAPI Toolkits'''<br />
<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Java_EE | Java EE]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=.NET | .NET]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Classic_ASP | Classic ASP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=PHP | PHP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=ColdFusion | ColdFusion]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Python | Python]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Haskell | Haskell]]<br />
<br />
'''How ESAPI Works'''<br />
<br />
ESAPI Toolkits are designed to automatically take care of many aspects of application security, making these issues invisible to the developers. <br />
<br />
[[Image:Esapi-before-after.JPG|550px]]<br />
<br />
</td><td><br />
; <br />
<br>'''Latest News'''<br />
* ESAPI Java 2.0preview1 has been released<br />
* ESAPI Python version project is starting up. Please contact jeff.williams@owasp.org for more information.<br />
* The Cold Fusion implementation project has started. It will build on the Java API, using wrappers for CFML.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* Request for users/adopters/supporters. Please let us know your stories!<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=News ESAPI News Archives]<br />
* [mailto:owasp-esapi@lists.owasp.org ESAPI Mailing List]<br />
<br />
'''Sample Application - ESAPI Swingset'''<br />
* The [[ESAPI_Swingset | ESAPI Swingset]] sample application is under development.<br />
** Many lessons have been completed that demonstrate how to leverage ESAPI to protect a web application.<br />
** It also demonstrates the flaws web applications can have if they are not ESAPI-enabled.<br />
</td></tr><br />
</table><br />
<br />
| <br />
<br />
Proj_Documentation= <br />
'''More About OWASP ESAPI'''<br />
<br />
* ESAPI interface documentation ([http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html JavaDocs])<br />
* Project presentation ([http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx PowerPoint])<br />
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])<br />
* One Page Datasheet ([http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/d/d0/ESAPI_One_Page_Handout.doc Word]) <br />
<br />
'''Related projects'''<br />
<br />
* [[Top Ten|OWASP Top Ten]]<br />
* [[ASVS|OWASP Application Security Verification Standard]]<br />
* [[XSS (Cross Site Scripting) Prevention Cheat Sheet]]<br />
<br />
====Java EE====<br />
<br />
'''Java Edition of the OWASP ESAPI Toolkit - '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]<br />
<br />
* The Java EE version of ESAPI is being lead by [[User:Jeff Williams|Jeff Williams]]. Feel free to contact [mailto:jeff.williams@owasp.org him] for further details.<br />
<br />
We are seeking organizations willing to pilot ESAPI and work with us to make this library better. Please contact jeff.williams@owasp.org for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
'''Welcome to the ESAPI Java Edition'''<br />
<br />
This document provides information about the Java Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
For all downloads and project files, please visit http://code.google.com/p/owasp-esapi-java<br />
<br />
* [http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]<br />
* The current ESAPI JAR has been built for Java 1.5+. Please see [[ESAPI-Building]]<br />
<br />
'''Running Demo App'''<br />
<br />
The ESAPI Demo application has been named [[ESAPI_Swingset|''The ESAPI Swingset'']]. More information about Swingset is available [[ESAPI_Swingset | here]].<br />
<br />
ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br />
<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports Java, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
Java v1.5 or higher is required. There are no settings that are required to be set correctly in your properties files to use ESAPI.<br />
<br />
<br>'''Dependencies'''<br />
<br />
There are no dependencies on the ESAPI '''interfaces''' other than standard Java EE. However, the reference implementation does have dependencies that are detailed below. The reference implementation takes advantage of a few existing libraries:<br />
<br />
*DefaultAccessController needs…<br />
**Commons-Configuration 1.5<br />
<br />
* DefaultValidator needs…<br />
** AntiSamy 1.2 (there may be a few transitive dependencies here)<br />
** NekoHTML 0.9.5<br />
** Xerces 2.9.1<br />
<br />
* Log4J Logger needs…<br />
** Log4j 1.2.12<br />
<br />
* DefaultHTTPUtilities needs…<br />
** Commons-FileUpload 1.2<br />
<br />
* WAF needs<br />
** XOM 1.0 (there may be a few transitive dependencies here)<br />
** Commons-FileUpload 1.2<br />
<br />
====.NET==== <br />
'''.NET Edition of the OWASP ESAPI Toolkit - Version 0.2 is released'''<br />
<br />
* The .NET version of ESAPI is being lead by Alex Smolen. Feel free to contact him at (me AT AlexSmolen DOT com) for more information.<br />
* If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition ReadMe'''<br />
<br />
Release 0.2: August 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.2'''<br />
<br />
This document provides information about the .NET Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Esapi.zip here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Esapi_Documentation.zip here]. It is a zipped .chm (help) file.<br />
<br />
You can also browse the .NET ESAPI documentation [http://alexsmolen.com/dotnetesapidoc/index.html here]<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
<br>'''System Requirements'''<br />
<br />
The solution is created with VS 2008 and .NET 3.5. However, the actual code should be compatible with .NET 2.0, so it should be simple to get the code to compile in most environments.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The .NET Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
You must also download download and install the latest version of the [http://www.codeplex.com/AntiXSS AntiXss] library.<br />
<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
None<br />
<br />
<br>'''Obtaining the .NET Edition of OWASP ESAPI'''<br />
<br />
There are a couple of ways to get started with the .NET ESAPI. <br />
<br />
If you simply want to start using the functionality, you can download the assembly from [ Google Code]. You will also need to add the appropriate configuration (see here).<br />
<br />
You can download the solution from Google Code with SVN.<br />
<br />
You will need to download and install the AntiXss library separately, in order to respect the code licensing. <br />
<br />
The SwingSet application requires you to login - just register a username and go. You also need to supply a SMTP host in the web.config file in SwingSet in order to register a user, so that you can get an activation email. I might change this in the released version, since it's sort of a pain. You can just use the external SMTP server for an email account you own and use that - i.e.<br />
<br />
<mailSettings><br />
<smtp from="dot-net-esapi@owasp.com"><br />
<network<br />
host="you fill this part in, for example d.mx.mail.yahoo.com for a yahoo.com mail account"<br />
port="25"<br />
/><br />
</smtp><br />
</mailSettings><br />
<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition Release Notes'''<br />
<br />
Release 0.2<br />
<br />
August 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.2'''<br />
<br />
This document provides information about .NET Edition of OWASP ESAPI v0.2. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release improve significanlty on the first release. The following components have been redesigned and reimplemented:<br />
<br />
* AccessController<br />
* AccessReferenceMap<br />
* Encoder<br />
* Encryptor<br />
* Esapi<br />
* HttpUtilities<br />
* IntrusionDetector<br />
* Logger<br />
* Randomizer<br />
* SecurityConfiguration<br />
* Validator<br />
<br />
The SwingSet application has also been introduced, to demonstrate how to use the ESAPI as well as showcase other ASP.NET security bet practices.<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* All components have been redesigned - there have been major changes since v0.1.<br />
<br />
<br>'''Known issues'''<br />
<br />
* Canonicalization support is incomplete - only some Codecs support decoding.<br />
* There are only a few ValidationRules.<br />
* AccessController implementation does not provide policy storage.<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* This version is an entirely different code base. Please completely upgrade all existing implementations.<br />
<br />
<br><br />
<br />
====Classic ASP====<br />
'''Classic ASP Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
* The Classic ASP version of ESAPI is being lead by Juan C Calderon. Feel free to contact him at johnccr (at) yahoo.com<br />
* join our [https://lists.owasp.org/mailman/listinfo/owasp-classic-asp-security-project OWASP Classic ASP Security Project Mailing List] to be posted on the progress of the project or to contact us.<br />
* We are working on minor fixes and documentation to release the first beta version of the software. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition ReadMe'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about the Classic ASP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
*Microsoft .NET Framework 2.0<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Classic ASP Edition of OWASP ESAPI includes a reference implementation (look for <code>default.asp.zip</code> file at [[Classic_ASP_Security_Project]]) which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There is no specific recommendation<br />
<br />
<br>'''Obtaining the Classic ASP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Classic ASP Edition of OWASP ESAPI from the [http://code.google.com/p/owasp-esapi-classicasp/ Google Code download page]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition Release Notes'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about Classic ASP Edition of OWASP ESAPI v0.9. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Implementation of most of the ESAPI .NET version for Classic ASP technology, including those for Access Control, Encoding, Input Validation, Encryption and much more (Authentication class was fully implemented yet)<br />
* Sample Classic ASP page demonstrating the use of the different classes and methods<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* You might receive a compilation error when instantiating the <code>AccessController</code> class<br />
* You have to copy the web.config file to the IIS worker folder. For example to <code>C:\Windows\System32\inetsrv\w3wp.exe.config</code> in Windows Vista<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====PHP====<br />
'''PHP Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The PHP version of ESAPI is being lead by [[User:Vanderaj|Andrew van der Stock]]. Feel free to contact [mailto:vanderaj@owasp.org him] for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the PHP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports PHP, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
PHP 5.2.9-2 or higher is required. There are no settings that are required to be set correctly in your php.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The PHP Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the PHP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the PHP Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-php/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about PHP Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* ESAPI main class<br />
* All interfaces (even those that are stubbed out)<br />
* AccessReferenceMap<br />
* Exceptions (i.e. everything in errors/)<br />
* Encoder and everthing in codecs/<br />
* HTTP Utilities<br />
* String Utilities<br />
* Validator<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* Tags. There's no equivalent in the PHP world. <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====ColdFusion/CFML====<br />
<br />
'''ColdFusion/CFML Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The ColdFusion/CFML version of ESAPI is being lead by Jason Dean (jason at 12robots dot com) and Bill Shelton (billshelton at comcast dot net). Feel free to contact either person for further details.<br />
<br><br />
----<br />
'''OWASP ESAPI - ColdFusion/CFML Edition''' <br /><br />
Release (TBD): May, 2009 <br />
<br />
<br>'''Welcome to the ColdFusion/CFML Edition of OWASP ESAPI (v.TBD)'''<br />
<br />
The ColdFusion/CFML edition of ESAPI will provide ESAPI functionality for developers using CFML. It is<br />
the project's intent to support Adobe ColdFusion, Railo, and Open BlueDragon. Development focus will<br />
be placed on CFML frameworks wishing to integrate CFESAPI.<br />
<br />
'''Status'''<br /><br />
Development is currently underway. Roadmap and preliminary source code will be available shortly at the Google Code<br />
[http://code.google.com/p/owasp-esapi-coldfusion/ project home].<br />
<br />
'''Contribute'''<br /><br />
Any developers, framework providers, or CFML engine contributors interested in contributing, using and testing, please contact the project owners above and join the Google <br />
[http://groups.google.com/group/cfesapi mailing list]. <br />
<br />
<br />
<br />
====Python====<br />
<br />
'''Python Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The Python version of ESAPI is being lead by [[User:Craig Younkins|Craig Younkins]]. Feel free to contact [mailto:craig.younkins@owasp.org him] for further details.<br />
* We are currently looking for contributors. If you are interested in working on ESAPI on Python, please join our [http://lists.owasp.org/mailman/listinfo/esapi-python mailing list] or send me an [mailto:craig.younkins@owasp.org email].<br />
<br><br />
----<br />
'''OWASP ESAPI - Python Edition'''<br />
<br />
<br>'''Welcome to the Python Edition of OWASP ESAPI v0.1'''<br />
<br />
Version 0.1 of the Python edition of ESAPI is currently under development. Take a look at our [http://code.google.com/p/owasp-esapi-python/ Google Code] site to clone the Mercurial repository or submit bugs. Documentation for the API is available [http://owasp-esapi-python.googlecode.com/hg/doc/index.html here].<br />
<br />
<br />
====Haskell==== <br />
'''Haskell Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
<br />
* The Haskell version of ESAPI is being lead by Sigbjorn Finne. Feel free to contact him at sof 'AT' galois.com for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Haskell Edition ReadMe'''<br />
<br />
Sigbjorn (and Galois, who is his employer) are contributors to the core Haskell language. The intent of this effort is to make ESAPI for Haskell part of Haskell itself.<br />
<br />
|<br />
<br />
Proj_Mail= '''Project News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* OWASP ESAPI has been integrated into the [[OWASP Secure Software Contract Annex]] in the [[OWASP Legal Project]].<br />
* OWASP ESAPI is presented by [[User:Jeff Williams|Jeff Williams]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.<br />
<br>'''Project Mail List'''<br>[http://lists.owasp.org/mailman/listinfo/owasp-esapi Subscribe here]<br>[mailto:owasp-esapi@lists.owasp.org Use here] |<br />
<br />
Proj_Related= [[Top Ten|OWASP Top Ten]] |<br />
<br />
Proj_Contributors=<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
'''Project Leader'''<br>[[:User:Jeff Williams|Jeff Williams]]<br><br>'''Project Contributors'''<br>[[User:Jmanico|Jim Manico]] <br>[[User:Wichers|Dave Wichers]]<br> [[User:Arshan|Arshan Dabirsiaghi]] <br> [[User:Jerryhoff|Jerry Hoff]]<br />
<br />
'''The ESAPI project is sponsored by:'''<br />
<br><br />
[http://www.aspectsecurity.com/ http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
<br><br />
</td><td><br />
'''Users and Adopters'''<br />
<br />
The following organizations are a few of the many organizations that are starting to adopt ESAPI to secure their web applications:<br />
* [http://www.americanexpress.com/ American Express]<br />
* [http://www.apache.org/ Apache Foundation]<br />
* [http://www.boozallen.com Booz Allen Hamilton]<br />
* [http://www.aspectsecurity.com/ Aspect Security]<br />
* [http://www.galois.com Galois]<br />
* [http://www.foundstone.com Foundstone(McAfee)]<br />
* [http://www.thehartford.com/ The Hartford]<br />
* [http://www.infinitecampus.com Infinite Campus]<br />
* [http://www.lockheedmartin.com/ Lockheed Martin]<br />
* [http://cwe.mitre.org/top25/index.html MITRE]<br />
* [http://www.nationwide.com/ Nationwide Insurance]<br />
* [http://enterprise.spawar.navy.mil/ U.S. Navy - SPAWAR]<br />
* [http://www.worldbank.org/ The World Bank]<br />
* [http://www.sans.org/top25errors/ SANS Institute]<br />
<br />
Please let us know how your organization is using OWASP ESAPI. Include your name, organization's name, and brief description of how you are using it. The project lead can be reached [mailto:jeff.williams@owasp.org here].<br />
<br />
</td></tr><br />
</table><br />
<br />
}}<br />
''This project licensed under the [http://en.wikipedia.org/wiki/BSD_license BSD license], which is very permissive and about as close to public domain as is possible. You can use or modify ESAPI however you want, even include it in commercial products.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Category:OWASP_Enterprise_Security_API&diff=66906Category:OWASP Enterprise Security API2009-07-30T01:06:24Z<p>Alexsmolen: </p>
<hr />
<div>{{ProjectTabs | <br />
Proj_About= <br />
<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
''OWASP Tools Project''<br />
<br />
'''Enterprise Security API (ESAPI)'''<br />
<br />
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers. Further development of ESAPI occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:jeff.williams@owasp.org contact us].<br />
<br />
'''ESAPI Toolkits'''<br />
<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Java_EE | Java EE]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=.NET | .NET]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Classic_ASP | Classic ASP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=PHP | PHP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=ColdFusion | ColdFusion]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Python | Python]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Haskell | Haskell]]<br />
<br />
'''How ESAPI Works'''<br />
<br />
ESAPI Toolkits are designed to automatically take care of many aspects of application security, making these issues invisible to the developers. <br />
<br />
[[Image:Esapi-before-after.JPG|550px]]<br />
<br />
</td><td><br />
; <br />
<br>'''Latest News'''<br />
* ESAPI Java 2.0preview1 has been released<br />
* ESAPI Python version project is starting up. Please contact jeff.williams@owasp.org for more information.<br />
* The Cold Fusion implementation project has started. It will build on the Java API, using wrappers for CFML.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* Request for users/adopters/supporters. Please let us know your stories!<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=News ESAPI News Archives]<br />
* [mailto:owasp-esapi@lists.owasp.org ESAPI Mailing List]<br />
<br />
'''Sample Application - ESAPI Swingset'''<br />
* The [[ESAPI_Swingset | ESAPI Swingset]] sample application is under development.<br />
** Many lessons have been completed that demonstrate how to leverage ESAPI to protect a web application.<br />
** It also demonstrates the flaws web applications can have if they are not ESAPI-enabled.<br />
</td></tr><br />
</table><br />
<br />
| <br />
<br />
Proj_Documentation= <br />
'''More About OWASP ESAPI'''<br />
<br />
* ESAPI interface documentation ([http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html JavaDocs])<br />
* Project presentation ([http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx PowerPoint])<br />
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])<br />
* One Page Datasheet ([http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/d/d0/ESAPI_One_Page_Handout.doc Word]) <br />
<br />
'''Related projects'''<br />
<br />
* [[Top Ten|OWASP Top Ten]]<br />
* [[ASVS|OWASP Application Security Verification Standard]]<br />
* [[XSS (Cross Site Scripting) Prevention Cheat Sheet]]<br />
<br />
====Java EE====<br />
<br />
'''Java Edition of the OWASP ESAPI Toolkit - '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]<br />
<br />
* The Java EE version of ESAPI is being lead by [[User:Jeff Williams|Jeff Williams]]. Feel free to contact [mailto:jeff.williams@owasp.org him] for further details.<br />
<br />
We are seeking organizations willing to pilot ESAPI and work with us to make this library better. Please contact jeff.williams@owasp.org for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
'''Welcome to the ESAPI Java Edition'''<br />
<br />
This document provides information about the Java Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
For all downloads and project files, please visit http://code.google.com/p/owasp-esapi-java<br />
<br />
* [http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]<br />
* The current ESAPI JAR has been built for Java 1.5+. Please see [[ESAPI-Building]]<br />
<br />
'''Running Demo App'''<br />
<br />
The ESAPI Demo application has been named [[ESAPI_Swingset|''The ESAPI Swingset'']]. More information about Swingset is available [[ESAPI_Swingset | here]].<br />
<br />
ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br />
<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports Java, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
Java v1.5 or higher is required. There are no settings that are required to be set correctly in your properties files to use ESAPI.<br />
<br />
<br>'''Dependencies'''<br />
<br />
There are no dependencies on the ESAPI '''interfaces''' other than standard Java EE. However, the reference implementation does have dependencies that are detailed below. The reference implementation takes advantage of a few existing libraries:<br />
<br />
*DefaultAccessController needs…<br />
**Commons-Configuration 1.5<br />
<br />
* DefaultValidator needs…<br />
** AntiSamy 1.2 (there may be a few transitive dependencies here)<br />
** NekoHTML 0.9.5<br />
** Xerces 2.9.1<br />
<br />
* Log4J Logger needs…<br />
** Log4j 1.2.12<br />
<br />
* DefaultHTTPUtilities needs…<br />
** Commons-FileUpload 1.2<br />
<br />
* WAF needs<br />
** XOM 1.0 (there may be a few transitive dependencies here)<br />
** Commons-FileUpload 1.2<br />
<br />
====.NET==== <br />
'''.NET Edition of the OWASP ESAPI Toolkit - Version 0.2 is released'''<br />
<br />
* The .NET version of ESAPI is being lead by Alex Smolen. Feel free to contact him at (me AT AlexSmolen DOT com) for more information.<br />
* If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition ReadMe'''<br />
<br />
Release 0.2: August 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.2'''<br />
<br />
This document provides information about the .NET Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/NET_ESAPI.zip here]. It is a zipped .chm (help) file.<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
<br>'''System Requirements'''<br />
<br />
The solution is created with VS 2008 and .NET 3.5. However, the actual code should be compatible with .NET 2.0, so it should be simple to get the code to compile in most environments.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The .NET Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
You must also download download and install the latest version of the [http://www.codeplex.com/AntiXSS AntiXss] library.<br />
<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
None<br />
<br />
<br>'''Obtaining the .NET Edition of OWASP ESAPI'''<br />
<br />
There are a couple of ways to get started with the .NET ESAPI. <br />
<br />
If you simply want to start using the functionality, you can download the assembly from [ Google Code]. You will also need to add the appropriate configuration (see here).<br />
<br />
You can download the solution from Google Code with SVN.<br />
<br />
You will need to download and install the AntiXss library separately, in order to respect the code licensing. <br />
<br />
The SwingSet application requires you to login - just register a username and go. You also need to supply a SMTP host in the web.config file in SwingSet in order to register a user, so that you can get an activation email. I might change this in the released version, since it's sort of a pain. You can just use the external SMTP server for an email account you own and use that - i.e.<br />
<br />
<mailSettings><br />
<smtp from="dot-net-esapi@owasp.com"><br />
<network<br />
host="you fill this part in, for example d.mx.mail.yahoo.com for a yahoo.com mail account"<br />
port="25"<br />
/><br />
</smtp><br />
</mailSettings><br />
<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition Release Notes'''<br />
<br />
Release 0.2<br />
<br />
August 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.2'''<br />
<br />
This document provides information about .NET Edition of OWASP ESAPI v0.2. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release improve significanlty on the first release. The following components have been redesigned and reimplemented:<br />
<br />
* AccessController<br />
* AccessReferenceMap<br />
* Encoder<br />
* Encryptor<br />
* Esapi<br />
* HttpUtilities<br />
* IntrusionDetector<br />
* Logger<br />
* Randomizer<br />
* SecurityConfiguration<br />
* Validator<br />
<br />
The SwingSet application has also been introduced, to demonstrate how to use the ESAPI as well as showcase other ASP.NET security bet practices.<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* All components have been redesigned - there have been major changes since v0.1.<br />
<br />
<br>'''Known issues'''<br />
<br />
* Canonicalization support is incomplete - only some Codecs support decoding.<br />
* There are only a few ValidationRules.<br />
* AccessController implementation does not provide policy storage.<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* This version is an entirely different code base. Please completely upgrade all existing implementations.<br />
<br />
<br><br />
<br />
====Classic ASP====<br />
'''Classic ASP Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
* The Classic ASP version of ESAPI is being lead by Juan C Calderon. Feel free to contact him at johnccr (at) yahoo.com<br />
* join our [https://lists.owasp.org/mailman/listinfo/owasp-classic-asp-security-project OWASP Classic ASP Security Project Mailing List] to be posted on the progress of the project or to contact us.<br />
* We are working on minor fixes and documentation to release the first beta version of the software. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition ReadMe'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about the Classic ASP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
*Microsoft .NET Framework 2.0<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Classic ASP Edition of OWASP ESAPI includes a reference implementation (look for <code>default.asp.zip</code> file at [[Classic_ASP_Security_Project]]) which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There is no specific recommendation<br />
<br />
<br>'''Obtaining the Classic ASP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Classic ASP Edition of OWASP ESAPI from the [http://code.google.com/p/owasp-esapi-classicasp/ Google Code download page]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition Release Notes'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about Classic ASP Edition of OWASP ESAPI v0.9. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Implementation of most of the ESAPI .NET version for Classic ASP technology, including those for Access Control, Encoding, Input Validation, Encryption and much more (Authentication class was fully implemented yet)<br />
* Sample Classic ASP page demonstrating the use of the different classes and methods<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* You might receive a compilation error when instantiating the <code>AccessController</code> class<br />
* You have to copy the web.config file to the IIS worker folder. For example to <code>C:\Windows\System32\inetsrv\w3wp.exe.config</code> in Windows Vista<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====PHP====<br />
'''PHP Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The PHP version of ESAPI is being lead by [[User:Vanderaj|Andrew van der Stock]]. Feel free to contact [mailto:vanderaj@owasp.org him] for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the PHP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports PHP, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
PHP 5.2.9-2 or higher is required. There are no settings that are required to be set correctly in your php.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The PHP Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the PHP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the PHP Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-php/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about PHP Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* ESAPI main class<br />
* All interfaces (even those that are stubbed out)<br />
* AccessReferenceMap<br />
* Exceptions (i.e. everything in errors/)<br />
* Encoder and everthing in codecs/<br />
* HTTP Utilities<br />
* String Utilities<br />
* Validator<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* Tags. There's no equivalent in the PHP world. <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====ColdFusion/CFML====<br />
<br />
'''ColdFusion/CFML Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The ColdFusion/CFML version of ESAPI is being lead by Jason Dean (jason at 12robots dot com) and Bill Shelton (billshelton at comcast dot net). Feel free to contact either person for further details.<br />
<br><br />
----<br />
'''OWASP ESAPI - ColdFusion/CFML Edition''' <br /><br />
Release (TBD): May, 2009 <br />
<br />
<br>'''Welcome to the ColdFusion/CFML Edition of OWASP ESAPI (v.TBD)'''<br />
<br />
The ColdFusion/CFML edition of ESAPI will provide ESAPI functionality for developers using CFML. It is<br />
the project's intent to support Adobe ColdFusion, Railo, and Open BlueDragon. Development focus will<br />
be placed on CFML frameworks wishing to integrate CFESAPI.<br />
<br />
'''Status'''<br /><br />
Development is currently underway. Roadmap and preliminary source code will be available shortly at the Google Code<br />
[http://code.google.com/p/owasp-esapi-coldfusion/ project home].<br />
<br />
'''Contribute'''<br /><br />
Any developers, framework providers, or CFML engine contributors interested in contributing, using and testing, please contact the project owners above and join the Google <br />
[http://groups.google.com/group/cfesapi mailing list]. <br />
<br />
<br />
<br />
====Python====<br />
<br />
'''Python Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The Python version of ESAPI is being lead by [[User:Craig Younkins|Craig Younkins]]. Feel free to contact [mailto:craig.younkins@owasp.org him] for further details.<br />
* We are currently looking for contributors. If you are interested in working on ESAPI on Python, please join our [http://lists.owasp.org/mailman/listinfo/esapi-python mailing list] or send me an [mailto:craig.younkins@owasp.org email].<br />
<br><br />
----<br />
'''OWASP ESAPI - Python Edition'''<br />
<br />
<br>'''Welcome to the Python Edition of OWASP ESAPI v0.1'''<br />
<br />
Version 0.1 of the Python edition of ESAPI is currently under development. Take a look at our [http://code.google.com/p/owasp-esapi-python/ Google Code] site to clone the Mercurial repository or submit bugs. Documentation for the API is available [http://owasp-esapi-python.googlecode.com/hg/doc/index.html here].<br />
<br />
<br />
====Haskell==== <br />
'''Haskell Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
<br />
* The Haskell version of ESAPI is being lead by Sigbjorn Finne. Feel free to contact him at sof 'AT' galois.com for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Haskell Edition ReadMe'''<br />
<br />
Sigbjorn (and Galois, who is his employer) are contributors to the core Haskell language. The intent of this effort is to make ESAPI for Haskell part of Haskell itself.<br />
<br />
|<br />
<br />
Proj_Mail= '''Project News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* OWASP ESAPI has been integrated into the [[OWASP Secure Software Contract Annex]] in the [[OWASP Legal Project]].<br />
* OWASP ESAPI is presented by [[User:Jeff Williams|Jeff Williams]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.<br />
<br>'''Project Mail List'''<br>[http://lists.owasp.org/mailman/listinfo/owasp-esapi Subscribe here]<br>[mailto:owasp-esapi@lists.owasp.org Use here] |<br />
<br />
Proj_Related= [[Top Ten|OWASP Top Ten]] |<br />
<br />
Proj_Contributors=<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
'''Project Leader'''<br>[[:User:Jeff Williams|Jeff Williams]]<br><br>'''Project Contributors'''<br>[[User:Jmanico|Jim Manico]] <br>[[User:Wichers|Dave Wichers]]<br> [[User:Arshan|Arshan Dabirsiaghi]] <br> [[User:Jerryhoff|Jerry Hoff]]<br />
<br />
'''The ESAPI project is sponsored by:'''<br />
<br><br />
[http://www.aspectsecurity.com/ http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
<br><br />
</td><td><br />
'''Users and Adopters'''<br />
<br />
The following organizations are a few of the many organizations that are starting to adopt ESAPI to secure their web applications:<br />
* [http://www.americanexpress.com/ American Express]<br />
* [http://www.apache.org/ Apache Foundation]<br />
* [http://www.boozallen.com Booz Allen Hamilton]<br />
* [http://www.aspectsecurity.com/ Aspect Security]<br />
* [http://www.galois.com Galois]<br />
* [http://www.foundstone.com Foundstone(McAfee)]<br />
* [http://www.thehartford.com/ The Hartford]<br />
* [http://www.infinitecampus.com Infinite Campus]<br />
* [http://www.lockheedmartin.com/ Lockheed Martin]<br />
* [http://cwe.mitre.org/top25/index.html MITRE]<br />
* [http://www.nationwide.com/ Nationwide Insurance]<br />
* [http://enterprise.spawar.navy.mil/ U.S. Navy - SPAWAR]<br />
* [http://www.worldbank.org/ The World Bank]<br />
* [http://www.sans.org/top25errors/ SANS Institute]<br />
<br />
Please let us know how your organization is using OWASP ESAPI. Include your name, organization's name, and brief description of how you are using it. The project lead can be reached [mailto:jeff.williams@owasp.org here].<br />
<br />
</td></tr><br />
</table><br />
<br />
}}<br />
''This project licensed under the [http://en.wikipedia.org/wiki/BSD_license BSD license], which is very permissive and about as close to public domain as is possible. You can use or modify ESAPI however you want, even include it in commercial products.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Category:OWASP_Enterprise_Security_API&diff=63678Category:OWASP Enterprise Security API2009-06-05T19:54:04Z<p>Alexsmolen: </p>
<hr />
<div>{{ProjectTabs | <br />
Proj_About= <br />
<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
''OWASP Tools Project''<br />
<br />
'''Enterprise Security API (ESAPI)'''<br />
<br />
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers. Further development of ESAPI occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:jeff.williams@owasp.org contact us].<br />
<br />
'''ESAPI Toolkits'''<br />
<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Java_EE | Java EE]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=.NET | .NET]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Classic_ASP | Classic ASP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=PHP | PHP]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=ColdFusion | ColdFusion]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Python | Python]]<br />
* [[:Category:OWASP_Enterprise_Security_API#tab=Haskell | Haskell]]<br />
<br />
'''How ESAPI Works'''<br />
<br />
ESAPI Toolkits are designed to automatically take care of many aspects of application security, making these issues invisible to the developers. <br />
<br />
[[Image:Esapi-before-after.JPG|550px]]<br />
<br />
</td><td><br />
; <br />
<br>'''Latest News'''<br />
* ESAPI Python version project is starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* The Cold Fusion implementation project has started. It will build on the Java API, using wrappers for CFML.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* Request for users/adopters/supporters. Please let us know your stories!<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=News ESAPI News Archives]<br />
* [mailto:owasp-esapi@lists.owasp.org ESAPI Mailing List]<br />
<br />
'''Sample Application - ESAPI Swingset'''<br />
* The [[ESAPI_Swingset | ESAPI Swingset]] sample application is under development.<br />
** Many lessons have been completed that demonstrate how to leverage ESAPI to protect a web application.<br />
** It also demonstrates the flaws web applications can have if they are not ESAPI-enabled.<br />
</td></tr><br />
</table><br />
<br />
| <br />
<br />
Proj_Documentation= <br />
'''More About OWASP ESAPI'''<br />
<br />
* ESAPI interface documentation ([http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html JavaDocs])<br />
* Project presentation ([http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx PowerPoint])<br />
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])<br />
* One Page Datasheet ([http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/d/d0/ESAPI_One_Page_Handout.doc Word]) <br />
<br />
'''Related projects'''<br />
<br />
* [[Top Ten|OWASP Top Ten]]<br />
* [http://www.owasp.org/index.php/ASVS OWASP ASVS]<br />
<br />
<br><br />
====Java EE====<br />
<br />
'''Java Edition of the OWASP ESAPI Toolkit - '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]<br />
<br />
* The Java EE version of ESAPI is being lead by [[User:Jeff Williams|Jeff Williams]]. Feel free to contact [mailto:jeff.williams@owasp.org him] for further details.<br />
<br />
We are seeking organizations willing to pilot ESAPI and work with us to make this library better. Please contact jeff.williams@owasp.org for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition ReadMe'''<br />
<br />
Release 1.4: December, 2008<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about the Java Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<table width="100%" valign="top"><tr><th width="50%">JAR Files</th><th>Source Files</th></tr><tr valign="top"><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar ESAPI v1.4 Complete JAR file] <br />
: JAVA 1.4 compatible JAR for ESAPI v1.4<br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar ESAPI v1.4 Basic JAR file]<br />
: Java 1.4 compatible JAR for ESAPI v1.4 (does not contain many reference implementations)<br />
</td><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip ESAPI v1.4 Source archive]<br />
: Source files for ESAPI v1.4<br />
<br />
</td></tr><br />
</table><br />
'''Using the ESAPI'''<br />
<br />
If you want to see what the ESAPI is all about, and want to use the built-in implementations,<br />
* Download the latest version of the ESAPI JAR from above.<br />
* Add the ESAPI JAR to your project's build path.<br />
* The current ESAPI JAR has been built for Java 1.6, however support for Java 1.4.2+ is available. Please see [[ESAPI-Building]] for information on building ESAPI for a different version of Java. <br />
* Use the [http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html ESAPI's Javadocs] to take advantage of all the built-in functions of the ESAPI.<br />
<br />
'''Running Demo App'''<br />
<br />
The ESAPI Demo application has been named [[ESAPI_Swingset|''The ESAPI Swingset'']]. More information about Swingset is available [[ESAPI_Swingset | here]].<br />
<br />
ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br>JAVA 1.4 compatible JAR for ESAPI v1.4 - [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar Complete] & [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar Basic] JAR files<br>[http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip Source files for ESAPI v1.4]<br>[http://code.google.com/p/owasp-esapi-java/ ESAPI Google Code repository]<br>[http://code.google.com/p/owasp-esapi-java/source/browse/#svn/trunk/src/main/java/org/owasp/esapi Browse the Java source at Google]<br>[http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports Java, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
Java v1.4 or higher is required. There are no settings that are required to be set correctly in your properties files to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Java Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the Java Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Java Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-java/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition Release Notes'''<br />
<br />
Release 1.4<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about Java Edition of OWASP ESAPI v1.4. Browse through the topics below to find out about new features, known issues and limitations for this release. Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* <TBD><br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* <TBD><br />
<br />
<br>'''Known issues'''<br />
<br />
* None<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====.NET==== <br />
'''.NET Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
<br />
* The .NET version of ESAPI is being lead by Alex Smolen. Feel free to contact him at (me AT AlexSmolen DOT com) for more information.<br />
* The second release is currently under development.<br />
* If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition ReadMe'''<br />
<br />
Release 0.1: February 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the .NET Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/NET_ESAPI.zip here]. It is a zipped .chm (help) file.<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
<br>'''System Requirements'''<br />
<br />
.NET 2.0 or higher is required. The project is currently in VS2005, but will be porting to VS2008 soon.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The .NET Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
None<br />
<br />
<br>'''Obtaining the .NET Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the .NET Edition of OWASP ESAPI from the Google Code download page [http://owasp-esapi-dotnet.googlecode.com/files/ here]<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
February 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about .NET Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Complete translation of Java ESAPI to .NET<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* This release is a very early translation of the Java ESAPI and needs some work to integrate into ASP.NET applications. The next version of the .NET ESAPI should be more usable and functional.<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Classic ASP====<br />
'''Classic ASP Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
* The Classic ASP version of ESAPI is being lead by Juan C Calderon. Feel free to contact him at johnccr (at) yahoo.com<br />
* join our [https://lists.owasp.org/mailman/listinfo/owasp-classic-asp-security-project OWASP Classic ASP Security Project Mailing List] to be posted on the progress of the project or to contact us.<br />
* We are working on minor fixes and documentation to release the first beta version of the software. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition ReadMe'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about the Classic ASP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
*Microsoft .NET Framework 2.0<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Classic ASP Edition of OWASP ESAPI includes a reference implementation (look for <code>default.asp.zip</code> file at [[Classic_ASP_Security_Project]]) which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There is no specific recommendation<br />
<br />
<br>'''Obtaining the Classic ASP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Classic ASP Edition of OWASP ESAPI from the [http://code.google.com/p/owasp-esapi-classicasp/ Google Code download page]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition Release Notes'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about Classic ASP Edition of OWASP ESAPI v0.9. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Implementation of most of the ESAPI .NET version for Classic ASP technology, including those for Access Control, Encoding, Input Validation, Encryption and much more (Authentication class was fully implemented yet)<br />
* Sample Classic ASP page demonstrating the use of the different classes and methods<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* You might receive a compilation error when instantiating the <code>AccessController</code> class<br />
* You have to copy the web.config file to the IIS worker folder. For example to <code>C:\Windows\System32\inetsrv\w3wp.exe.config</code> in Windows Vista<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====PHP====<br />
'''PHP Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The PHP version of ESAPI is being lead by [[User:Vanderaj|Andrew van der Stock]]. Feel free to contact [mailto:vanderaj@owasp.org him] for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the PHP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports PHP, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
PHP 5.2.9-2 or higher is required. There are no settings that are required to be set correctly in your php.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The PHP Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the PHP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the PHP Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-php/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about PHP Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* ESAPI main class<br />
* All interfaces (even those that are stubbed out)<br />
* AccessReferenceMap<br />
* Exceptions (i.e. everything in errors/)<br />
* Encoder and everthing in codecs/<br />
* HTTP Utilities<br />
* String Utilities<br />
* Validator<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* Tags. There's no equivalent in the PHP world. <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====ColdFusion/CFML====<br />
<br />
'''ColdFusion/CFML Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The ColdFusion/CFML version of ESAPI is being lead by Jason Dean (jason at 12robots dot com) and Bill Shelton (billshelton at comcast dot net). Feel free to contact either person for further details.<br />
<br><br />
----<br />
'''OWASP ESAPI - ColdFusion/CFML Edition''' <br /><br />
Release (TBD): May, 2009 <br />
<br />
<br>'''Welcome to the ColdFusion/CFML Edition of OWASP ESAPI (v.TBD)'''<br />
<br />
The ColdFusion/CFML edition of ESAPI will provide ESAPI functionality for developers using CFML. It is<br />
the project's intent to support Adobe ColdFusion, Railo, and Open BlueDragon. Development focus will<br />
be placed on CFML frameworks wishing to integrate CFESAPI.<br />
<br />
'''Status'''<br /><br />
Development is currently underway. Roadmap and preliminary source code will be available shortly at the Google Code<br />
[http://code.google.com/p/owasp-esapi-coldfusion/ project home].<br />
<br />
'''Contribute'''<br /><br />
Any developers, framework providers, or CFML engine contributors interested in contributing, using and testing, please contact the project owners above and join the Google <br />
[http://groups.google.com/group/cfesapi mailing list]. <br />
<br />
<br />
<br />
====Python====<br />
<br />
'''Python Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* The Python version of ESAPI is being lead by [[User:Craig Younkins|Craig Younkins]]. Feel free to contact [mailto:craig.younkins@owasp.org him] for further details.<br />
* We are currently looking for contributors. If you are interested in working on ESAPI on Python, please join our [http://lists.owasp.org/mailman/listinfo/esapi-python mailing list] or send me an [mailto:craig.younkins@owasp.org email].<br />
<br><br />
----<br />
'''OWASP ESAPI - Python Edition'''<br />
<br />
<br>'''Welcome to the Python Edition of OWASP ESAPI v0.1'''<br />
<br />
Version 0.1 of the Python edition of ESAPI is currently under development. Take a look at our [http://code.google.com/p/owasp-esapi-python/ Google Code] site to clone the Mercurial repository or submit bugs. Documentation for the API will be available online shortly.<br />
<br />
<br />
====Haskell==== <br />
'''Haskell Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
<br />
* The Haskell version of ESAPI is being lead by Sigbjorn Finne. Feel free to contact him at sof 'AT' galois.com for further details.<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Haskell Edition ReadMe'''<br />
<br />
Sigbjorn (and Galois, who is his employer) are contributors to the core Haskell language. The intent of this effort is to make ESAPI for Haskell part of Haskell itself.<br />
<br />
|<br />
<br />
Proj_Mail= '''Project News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* OWASP ESAPI has been integrated into the [[OWASP Secure Software Contract Annex]] in the [[OWASP Legal Project]].<br />
* OWASP ESAPI is presented by [[User:Jeff Williams|Jeff Williams]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.<br />
<br>'''Project Mail List'''<br>[http://lists.owasp.org/mailman/listinfo/owasp-esapi Subscribe here]<br>[mailto:owasp-esapi@lists.owasp.org Use here] |<br />
<br />
Proj_Related= [[Top Ten|OWASP Top Ten]] |<br />
<br />
Proj_Contributors=<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
'''Project Leader'''<br>[[:User:Jeff Williams|Jeff Williams]]<br><br>'''Project Contributors'''<br>[[User:Jmanico|Jim Manico]] <br>[[User:Wichers|Dave Wichers]]<br> [[User:Arshan|Arshan Dabirsiaghi]] <br> [[User:Jerryhoff|Jerry Hoff]]<br />
<br />
'''The ESAPI project is sponsored by:'''<br />
<br><br />
[http://www.aspectsecurity.com/ http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
<br><br />
</td><td><br />
'''Users and Adopters'''<br />
<br />
The following organizations are a few of the many organizations that are starting to adopt ESAPI to secure their web applications:<br />
* [http://www.americanexpress.com/ American Express]<br />
* [http://www.apache.org/ Apache Foundation]<br />
* [http://www.boozallen.com Booz Allen Hamilton]<br />
* [http://www.aspectsecurity.com/ Aspect Security]<br />
* [http://www.galois.com Galois]<br />
* [http://www.foundstone.com Foundstone(McAfee)]<br />
* [http://www.thehartford.com/ The Hartford]<br />
* [http://www.infinitecampus.com Infinite Campus]<br />
* [http://www.lockheedmartin.com/ Lockheed Martin]<br />
* [http://cwe.mitre.org/top25/index.html MITRE]<br />
* [http://www.nationwide.com/ Nationwide Insurance]<br />
* [http://enterprise.spawar.navy.mil/ U.S. Navy - SPAWAR]<br />
* [http://www.worldbank.org/ The World Bank]<br />
* [http://www.sans.org/top25errors/ SANS Institute]<br />
<br />
Please let us know how your organization is using OWASP ESAPI. Include your name, organization's name, and brief description of how you are using it. The project lead can be reached [mailto:jeff.williams@owasp.org here].<br />
<br />
</td></tr><br />
</table><br />
<br />
}}<br />
''This project licensed under the [http://en.wikipedia.org/wiki/BSD_license BSD license], which is very permissive and about as close to public domain as is possible. You can use or modify ESAPI however you want, even include it in commercial products.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Category:OWASP_Enterprise_Security_API&diff=59655Category:OWASP Enterprise Security API2009-04-29T15:07:28Z<p>Alexsmolen: </p>
<hr />
<div>{{ProjectTabs | <br />
Proj_About= <br />
<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
''OWASP Tools Project''<br />
<br />
'''Enterprise Security API (ESAPI)'''<br />
<br />
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers.<br />
<br />
Further development of ESAPI occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:jeff.williams@owasp.org contact us].<br />
<br />
'''ESAPI Toolkits'''<br />
<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE Java EE]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET .NET]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Classic_ASP Classic ASP]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Cold_Fusion Cold Fusion]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP PHP]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Haskell Haskell]<br />
<br />
'''How ESAPI Works'''<br />
<br />
ESAPI Toolkits are designed to automatically take care of many aspects of application security, making these issues invisible to the developers. <br />
<br />
[[Image:Esapi-before-after.JPG|550px]]<br />
<br />
</td><td><br />
; <br />
<br>'''Latest News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* Request for users/adopters/supporters. Please let us know your stories!<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=News ESAPI News Archives]<br />
* [mailto:owasp-esapi@lists.owasp.org ESAPI Mailing List]<br />
</td></tr><br />
</table><br />
<br />
| <br />
<br />
Proj_Documentation= <br />
'''More About OWASP ESAPI'''<br />
[[Image:Esapi-project.JPG|thumb|left|110px|Project Presentation]]<br />
<br />
* ESAPI interface documentation ([http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html JavaDocs])<br />
* Project presentation ([http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx PowerPoint])<br />
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])<br />
* One Page Datasheet ([http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/d/d0/ESAPI_One_Page_Handout.doc Word]) <br />
<br><br />
<br><br />
<br><br />
<br><br />
'''Related projects'''<br />
<br />
[[Image:Owasp-projects-page.jpg|thumb|110px|left|Projects Page]]<br />
* [[Top Ten|OWASP Top Ten]]<br />
* [http://www.owasp.org/index.php/ASVS OWASP ASVS]<br />
<br />
<br><br />
====Java EE====<br />
<br />
'''Java Edition of the OWASP ESAPI Toolkit - '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]<br />
<br />
This is the first public release and will undoubtably undergo significant revision over the coming months. We are seeking organizations willing to pilot this ESAPI and work with us to make this library better. Please contact jeff.williams@owasp.org for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition ReadMe'''<br />
<br />
Release 1.4: December, 2008<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about the Java Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<table width="100%" valign="top"><tr><th width="50%">JAR Files</th><th>Source Files</th></tr><tr valign="top"><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar ESAPI v1.4 Complete JAR file] <br />
: JAVA 1.4 compatible JAR for ESAPI v1.4<br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar ESAPI v1.4 Basic JAR file]<br />
: Java 1.4 compatible JAR for ESAPI v1.4 (does not contain many reference implementations)<br />
</td><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip ESAPI v1.4 Source archive]<br />
: Source files for ESAPI v1.4<br />
<br />
</td></tr><br />
</table><br />
'''Using the ESAPI'''<br />
<br />
If you want to see what the ESAPI is all about, and want to use the built-in implementations,<br />
* Download the latest version of the ESAPI JAR from above.<br />
* Add the ESAPI JAR to your project's build path.<br />
* The current ESAPI JAR has been built for Java 1.6, however support for Java 1.4.2+ is available. Please see [[ESAPI-Building]] for information on building ESAPI for a different version of Java. <br />
* Use the [http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html ESAPI's Javadocs] to take advantage of all the built-in functions of the ESAPI.<br />
<br />
'''Running Demo App'''<br />
<br />
The ESAPI Demo application has been named [[ESAPI_Swingset|''The ESAPI Swingset'']]. More information about Swingset is available [[ESAPI_Swingset | here]].<br />
<br />
ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br>JAVA 1.4 compatible JAR for ESAPI v1.4 - [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar Complete] & [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar Basic] JAR files<br>[http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip Source files for ESAPI v1.4]<br>[http://code.google.com/p/owasp-esapi-java/ ESAPI Google Code repository]<br>[http://code.google.com/p/owasp-esapi-java/source/browse/#svn/trunk/src/main/java/org/owasp/esapi Browse the Java source at Google]<br>[http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports Java, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
Java v1.4 or higher is required. There are no settings that are required to be set correctly in your properties files to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Java Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the Java Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Java Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-java/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition Release Notes'''<br />
<br />
Release 1.4<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about Java Edition of OWASP ESAPI v1.4. Browse through the topics below to find out about new features, known issues and limitations for this release. Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* <TBD><br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* <TBD><br />
<br />
<br>'''Known issues'''<br />
<br />
* <TBD> <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====.NET==== <br />
'''.NET Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
<br />
The second release is under development - please contact me AT AlexSmolen DOT com for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition ReadMe'''<br />
<br />
Release 0.1: February 2009<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the .NET Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/NET_ESAPI.zip here]. It is a zipped .chm (help) file.<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
<br>'''System Requirements'''<br />
<br />
.NET 2.0 or higher is required. The project is currently in VS2005, but will be porting to VS2008 soon.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The .NET Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
None<br />
<br />
<br>'''Obtaining the .NET Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the .NET Edition of OWASP ESAPI from the Google Code download page [http://owasp-esapi-dotnet.googlecode.com/files/ here]<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
February 2008<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about .NET Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Complete translation of Java ESAPI to .NET<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* This release is a very early translation of the Java ESAPI and needs some work to integrate into ASP.NET applications. The next version of the .NET ESAPI should be more usable and functional.<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Classic ASP====<br />
'''Classic ASP Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition ReadMe'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about the Classic ASP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
*Microsoft .NET Framework 2.0<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Classic ASP Edition of OWASP ESAPI includes a reference implementation (look for <code>default.asp.zip</code> file at [[Classic_ASP_Security_Project]]) which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There is no specific recommendation<br />
<br />
<br>'''Obtaining the Classic ASP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Classic ASP Edition of OWASP ESAPI from the [http://code.google.com/p/owasp-esapi-classicasp/ Google Code download page]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition Release Notes'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about Classic ASP Edition of OWASP ESAPI v0.9. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Implementation of most of the ESAPI .NET version for Classic ASP technology, including those for Access Control, Encoding, Input Validation, Encryption and much more (Authentication class was fully implemented yet)<br />
* Sample Classic ASP page demonstrating the use of the different classes and methods<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* You might receive a compilation error when instantiating the <code>AccessController</code> class<br />
* You have to copy the web.config file to the IIS worker folder. For example to <code>C:\Windows\System32\inetsrv\w3wp.exe.config</code> in Windows Vista<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Cold Fusion====<br />
'''Cold Fusion Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Cold Fusion Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
<month> <year><br />
<br />
<br>'''Welcome to the Cold Fusion Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the Cold Fusion Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
<TBD><br />
<br />
Cold Fusion 4.1.0 or higher is required. There are no settings that are required to be set correctly in your Cold Fusion.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Cold Fusion Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
<TBD><br />
<br />
<br>'''Obtaining the Cold Fusion Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Cold Fusion Edition of OWASP ESAPI from the Google Code download page <TBD><br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Cold Fusion Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
<month> <year><br />
<br />
<br>'''Welcome to the Cold Fusion Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about Cold Fusion Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* <TBD><br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* <TBD> <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====PHP====<br />
'''PHP Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
* Contact [mailto:vanderaj@owasp.org Andrew van der Stock] for further details.<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the PHP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports PHP, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
PHP 5.2.9-2 or higher is required. There are no settings that are required to be set correctly in your php.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The PHP Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the PHP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the PHP Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-php/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about PHP Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* ESAPI main class<br />
* All interfaces (even those that are stubbed out)<br />
* AccessReferenceMap<br />
* Exceptions (i.e. everything in errors/)<br />
* Encoder and everthing in codecs/<br />
* HTTP Utilities<br />
* String Utilities<br />
* Validator<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* Tags. There's no equivalent in the PHP world. <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Haskell==== <br />
'''Haskell Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Haskell Edition ReadMe'''<br />
<br />
This version of ESAPI is being developed by Sigbjorn Finne, sof 'AT' galois.com. Sigbjorn (and Galois, who is his employer) are contributors to the core Haskell language. The intent of this effort is to make ESAPI for Haskell part of Haskell itself.<br />
<br />
Please contact Sigbjorn for more details.<br />
<br />
|<br />
<br />
Proj_Mail= '''Project News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* OWASP ESAPI has been integrated into the [[OWASP Secure Software Contract Annex]] in the [[OWASP Legal Project]].<br />
* OWASP ESAPI is presented by [[User:Jeff Williams|Jeff Williams]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.<br />
<br>'''Project Mail List'''<br>[http://lists.owasp.org/mailman/listinfo/owasp-esapi Subscribe here]<br>[mailto:owasp-esapi@lists.owasp.org Use here] |<br />
<br />
Proj_Related= [[Top Ten|OWASP Top Ten]] |<br />
<br />
Proj_Contributors= '''Project Leader'''<br>[[:User:Jeff Williams|Jeff Williams]]<br><br>'''Project Contributors'''<br>[[User:Jmanico|Jim Manico]] <br>[[User:Wichers|Dave Wichers]]<br> [[User:Arshan|Arshan Dabirsiaghi]] <br> [[User:Jerryhoff|Jerry Hoff]]<br />
<br />
'''The ESAPI project is sponsored by:'''<br />
<br><br />
[http://www.aspectsecurity.com/ http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
<br><br />
<br />
'''Users and Adopters'''<br />
<br />
Coming soon!<br><br />
<br />
}}<br />
''This project licensed under the [http://en.wikipedia.org/wiki/BSD_license BSD license], which is very permissive and about as close to public domain as is possible. You can use or modify ESAPI however you want, even include it in commercial products.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=59638.NET ESAPI2009-04-29T01:22:13Z<p>Alexsmolen: Redirecting to ESAPI</p>
<hr />
<div>#REDIRECT [[ESAPI]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Category:OWASP_Enterprise_Security_API&diff=59637Category:OWASP Enterprise Security API2009-04-29T01:19:52Z<p>Alexsmolen: </p>
<hr />
<div>{{ProjectTabs | <br />
Proj_About= <br />
<br />
<table width="100%" valign="top"><tr><th width="50%"> </th><th> </th></tr><tr valign="top"><td><br />
''OWASP Tools Project''<br />
<br />
'''Enterprise Security API (ESAPI)'''<br />
<br />
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers.<br />
<br />
Further development of ESAPI occurs through mailing list discussions and occasional workshops, and suggestions for improvement are welcome. For more information, please [mailto:jeff.williams@owasp.org contact us].<br />
<br />
'''ESAPI Toolkits'''<br />
<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE Java EE]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET .NET]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Classic_ASP Classic ASP]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Cold_Fusion Cold Fusion]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP PHP]<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Haskell Haskell]<br />
<br />
'''How ESAPI Works'''<br />
<br />
ESAPI Toolkits are designed to automatically take care of many aspects of application security, making these issues invisible to the developers. <br />
<br />
[[Image:Esapi-before-after.JPG|550px]]<br />
<br />
</td><td><br />
; <br />
<br>'''Latest News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* Request for users/adopters/supporters. Please let us know your stories!<br />
* [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=News ESAPI News Archives]<br />
* [mailto:owasp-esapi@lists.owasp.org ESAPI Mailing List]<br />
</td></tr><br />
</table><br />
<br />
| <br />
<br />
Proj_Documentation= <br />
'''More About OWASP ESAPI'''<br />
[[Image:Esapi-project.JPG|thumb|left|110px|Project Presentation]]<br />
<br />
* ESAPI interface documentation ([http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html JavaDocs])<br />
* Project presentation ([http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20Overview.pptx PowerPoint])<br />
* Video presentation ([http://www.youtube.com/watch?v=QAPD1jPn04g YouTube])<br />
* One Page Datasheet ([http://www.owasp.org/images/3/31/ESAPI_One_Page_Handout.pdf PDF], [http://www.owasp.org/images/d/d0/ESAPI_One_Page_Handout.doc Word]) <br />
<br><br />
<br><br />
<br><br />
<br><br />
'''Related projects'''<br />
<br />
[[Image:Owasp-projects-page.jpg|thumb|110px|left|Projects Page]]<br />
* [[Top Ten|OWASP Top Ten]]<br />
* [http://www.owasp.org/index.php/ASVS OWASP ASVS]<br />
<br />
<br><br />
====Java EE====<br />
<br />
'''Java Edition of the OWASP ESAPI Toolkit - '''[[:Category:OWASP Project Assessment#Release Quality Tool Criteria|Release Quality]]<br />
<br />
This is the first public release and will undoubtably undergo significant revision over the coming months. We are seeking organizations willing to pilot this ESAPI and work with us to make this library better. Please contact jeff.williams@owasp.org for more information. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition ReadMe'''<br />
<br />
Release 1.4: December, 2008<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about the Java Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<table width="100%" valign="top"><tr><th width="50%">JAR Files</th><th>Source Files</th></tr><tr valign="top"><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar ESAPI v1.4 Complete JAR file] <br />
: JAVA 1.4 compatible JAR for ESAPI v1.4<br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar ESAPI v1.4 Basic JAR file]<br />
: Java 1.4 compatible JAR for ESAPI v1.4 (does not contain many reference implementations)<br />
</td><td><br />
; [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip ESAPI v1.4 Source archive]<br />
: Source files for ESAPI v1.4<br />
<br />
</td></tr><br />
</table><br />
'''Using the ESAPI'''<br />
<br />
If you want to see what the ESAPI is all about, and want to use the built-in implementations,<br />
* Download the latest version of the ESAPI JAR from above.<br />
* Add the ESAPI JAR to your project's build path.<br />
* The current ESAPI JAR has been built for Java 1.6, however support for Java 1.4.2+ is available. Please see [[ESAPI-Building]] for information on building ESAPI for a different version of Java. <br />
* Use the [http://owasp-esapi-java.googlecode.com/svn/trunk_doc/index.html ESAPI's Javadocs] to take advantage of all the built-in functions of the ESAPI.<br />
<br />
'''Running Demo App'''<br />
<br />
The ESAPI Demo application has been named [[ESAPI_Swingset|''The ESAPI Swingset'']]. More information about Swingset is available [[ESAPI_Swingset | here]].<br />
<br />
ESAPI Demo application - [[ESAPI_Swingset|The ESAPI Swingset]]<br>JAVA 1.4 compatible JAR for ESAPI v1.4 - [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-full-java-1.4.jar Complete] & [http://owasp-esapi-java.googlecode.com/files/owasp-esapi-basic-java-1.4.jar Basic] JAR files<br>[http://owasp-esapi-java.googlecode.com/files/owasp-esapi-java-src-1.4.zip Source files for ESAPI v1.4]<br>[http://code.google.com/p/owasp-esapi-java/ ESAPI Google Code repository]<br>[http://code.google.com/p/owasp-esapi-java/source/browse/#svn/trunk/src/main/java/org/owasp/esapi Browse the Java source at Google]<br>[http://code.google.com/p/owasp-esapi-java/issues/list Problems with the ESAPI may be reported here]<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports Java, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
Java v1.4 or higher is required. There are no settings that are required to be set correctly in your properties files to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Java Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the Java Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Java Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-java/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Java Edition Release Notes'''<br />
<br />
Release 1.4<br />
<br />
<br>'''Welcome to the Java Edition of OWASP ESAPI v1.4'''<br />
<br />
This document provides information about Java Edition of OWASP ESAPI v1.4. Browse through the topics below to find out about new features, known issues and limitations for this release. Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* <TBD><br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* <TBD><br />
<br />
<br>'''Known issues'''<br />
<br />
* <TBD> <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====.NET==== <br />
'''.NET Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
<br />
The second release is under development. If you're interested in application security, please join the [http://lists.owasp.org/mailman/listinfo/owasp-esapi OWASP ESAPI mailing list] and help make ESAPI better!<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition ReadMe'''<br />
<br />
Release 0.1: February 2008<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the .NET Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/NET_ESAPI.zip here]. It is a zipped .chm (help) file.<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
<br>'''System Requirements'''<br />
<br />
.NET 2.0 or higher is required. The project is currently in VS2005, but will be porting to VS2008 soon.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The .NET Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
None<br />
<br />
<br>'''Obtaining the .NET Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the .NET Edition of OWASP ESAPI from the Google Code download page [http://owasp-esapi-dotnet.googlecode.com/files/ here]<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - .NET Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
February 2008<br />
<br />
<br>'''Welcome to the .NET Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about .NET Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Complete translation of Java ESAPI to .NET<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* This release is a very early translation of the Java ESAPI and needs some work to integrate into ASP.NET applications. The next version of the .NET ESAPI should be more usable and functional.<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Classic ASP====<br />
'''Classic ASP Edition of the OWASP ESAPI Toolkit - Alpha release is released'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition ReadMe'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about the Classic ASP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
*Microsoft .NET Framework 2.0<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Classic ASP Edition of OWASP ESAPI includes a reference implementation (look for <code>default.asp.zip</code> file at [[Classic_ASP_Security_Project]]) which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There is no specific recommendation<br />
<br />
<br>'''Obtaining the Classic ASP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Classic ASP Edition of OWASP ESAPI from the [http://code.google.com/p/owasp-esapi-classicasp/ Google Code download page]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Classic ASP Edition Release Notes'''<br />
<br />
Release 0.9<br />
<br />
March 2009<br />
<br />
<br>'''Welcome to the Classic ASP Edition of OWASP ESAPI v0.9'''<br />
<br />
This document provides information about Classic ASP Edition of OWASP ESAPI v0.9. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* Implementation of most of the ESAPI .NET version for Classic ASP technology, including those for Access Control, Encoding, Input Validation, Encryption and much more (Authentication class was fully implemented yet)<br />
* Sample Classic ASP page demonstrating the use of the different classes and methods<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* You might receive a compilation error when instantiating the <code>AccessController</code> class<br />
* You have to copy the web.config file to the IIS worker folder. For example to <code>C:\Windows\System32\inetsrv\w3wp.exe.config</code> in Windows Vista<br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Cold Fusion====<br />
'''Cold Fusion Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Cold Fusion Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
<month> <year><br />
<br />
<br>'''Welcome to the Cold Fusion Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the Cold Fusion Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
<TBD><br />
<br />
Cold Fusion 4.1.0 or higher is required. There are no settings that are required to be set correctly in your Cold Fusion.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The Cold Fusion Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
<TBD><br />
<br />
<br>'''Obtaining the Cold Fusion Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the Cold Fusion Edition of OWASP ESAPI from the Google Code download page <TBD><br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - Cold Fusion Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
<month> <year><br />
<br />
<br>'''Welcome to the Cold Fusion Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about Cold Fusion Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* <TBD><br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* <TBD> <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====PHP====<br />
'''PHP Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
* Contact [mailto:vanderaj@owasp.org Andrew van der Stock] for further details.<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition ReadMe'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about the PHP Edition of OWASP ESAPI. The topics below cover system requirements, additional product information, and application notes. <br />
<br />
For information about the new features of this release, known issues, resolved issues, and limitations, refer to the Release notes.<br />
<br />
<br>'''System Requirements'''<br />
<br />
Any webserver that has approximately six megabytes of available disk space, and properly supports PHP, such as Apache or Internet Information Services (IIS). The following is required to be installed on the server:<br />
<br />
PHP 5.2.9-2 or higher is required. There are no settings that are required to be set correctly in your php.ini to use ESAPI.<br />
<br />
<br>'''Other Requirements'''<br />
<br />
The PHP Edition of OWASP ESAPI includes a reference implementation which may be tailored or replaced, according to your organization's needs.<br />
<br />
<br>'''Server Recommendations'''<br />
<br />
There are no platform-specific server recommentations.<br />
<br />
<br>'''Obtaining the PHP Edition of OWASP ESAPI'''<br />
<br />
You can download the latest release of the PHP Edition of OWASP ESAPI from the Google Code download page [http://code.google.com/p/owasp-esapi-php/ here]<br />
<br />
When you download the source files, make sure that you keep the directory structure.<br />
<br />
<br><br />
----<br />
'''OWASP ESAPI - PHP Edition Release Notes'''<br />
<br />
Release 0.1<br />
<br />
May 2009<br />
<br />
<br>'''Welcome to the PHP Edition of OWASP ESAPI v0.1'''<br />
<br />
This document provides information about PHP Edition of OWASP ESAPI v0.1. Browse through the topics below to find out about new features, known issues and limitations for this release.<br />
<br />
Information specific to the changes in this release are captured in this document set. For all other information and for feature details, see the ESAPI <version> programming manual.<br />
<br />
<br>'''New features'''<br />
<br />
This release includes the following new features:<br />
<br />
* ESAPI main class<br />
* All interfaces (even those that are stubbed out)<br />
* AccessReferenceMap<br />
* Exceptions (i.e. everything in errors/)<br />
* Encoder and everthing in codecs/<br />
* HTTP Utilities<br />
* String Utilities<br />
* Validator<br />
<br />
<br>'''Fixed in this release'''<br />
<br />
* Not applicable. This is the first release!<br />
<br />
<br>'''Known issues'''<br />
<br />
* Tags. There's no equivalent in the PHP world. <br />
<br />
<br>'''Upgrading from earlier releases'''<br />
<br />
* Not applicable. This is the first release!<br />
<br><br />
<br />
====Haskell==== <br />
'''Haskell Edition of the OWASP ESAPI Toolkit - First release is under development'''<br />
* Details below will be filled in as work progresses. Volunteers wanted!<br />
<br><br />
----<br />
'''OWASP ESAPI - Haskell Edition ReadMe'''<br />
<br />
This version of ESAPI is being developed by Sigbjorn Finne, sof 'AT' galois.com. Sigbjorn (and Galois, who is his employer) are contributors to the core Haskell language. The intent of this effort is to make ESAPI for Haskell part of Haskell itself.<br />
<br />
Please contact Sigbjorn for more details.<br />
<br />
|<br />
<br />
Proj_Mail= '''Project News'''<br />
* ESAPI Python version project possibly starting up. Please contact jeff.williams@owasp.org for more information.<br />
* ESAPI Java 2.0rc1 is nearing completion. Release in a few weeks. Please check SVN and send any last minute requests to the ESAPI list.<br />
* We've had a request for an ESAPI ColdFusion edition. If there are any interested developers, please contact jeff.williams@owasp.org to volunteer.<br />
* ESAPI has been through a line-by-line review by a major systems integrator. We will post all the findings soon but they are pretty minor.<br />
* OWASP ESAPI has been integrated into the [[OWASP Secure Software Contract Annex]] in the [[OWASP Legal Project]].<br />
* OWASP ESAPI is presented by [[User:Jeff Williams|Jeff Williams]] at [http://www.owasp.org/index.php/OWASP_Software_Assurance_Day_DC_2009 OWASP Software Assurance Day DC 2009] in conjunction with the Software Assurance Forum sponsored by the US Department of Homeland Security, Department of Defense and National Institute of Standards and Technology.<br />
<br>'''Project Mail List'''<br>[http://lists.owasp.org/mailman/listinfo/owasp-esapi Subscribe here]<br>[mailto:owasp-esapi@lists.owasp.org Use here] |<br />
<br />
Proj_Related= [[Top Ten|OWASP Top Ten]] |<br />
<br />
Proj_Contributors= '''Project Leader'''<br>[[:User:Jeff Williams|Jeff Williams]]<br><br>'''Project Contributors'''<br>[[User:Jmanico|Jim Manico]] <br>[[User:Wichers|Dave Wichers]]<br> [[User:Arshan|Arshan Dabirsiaghi]] <br> [[User:Jerryhoff|Jerry Hoff]]<br />
<br />
'''The ESAPI project is sponsored by:'''<br />
<br><br />
[http://www.aspectsecurity.com/ http://www.owasp.org/images/d/d1/Aspect_logo.gif]<br />
<br><br />
<br />
'''Users and Adopters'''<br />
<br />
Coming soon!<br><br />
<br />
}}<br />
''This project licensed under the [http://en.wikipedia.org/wiki/BSD_license BSD license], which is very permissive and about as close to public domain as is possible. You can use or modify ESAPI however you want, even include it in commercial products.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=59450Orange County2009-04-25T01:47:49Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
===Next Meeting===<br />
====Apr 30, 2009 6:30PM-8:30PM====<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
<br />
Our fourth OC OWASP meeting will be an informal, roundtable discussion of current application security issues. Feel free to bring some ideas, code, slides, etc to contribute to the discussion. Hope to see everyone there!<br />
<br />
<br />
===Previous Meetings===<br />
====Feb 19, 2009 6:30PM-8:30PM====<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you there! [https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
====Dec 17, 2008 6PM - 9PM====<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
====Aug 27, 2008, 7 PM - 9 PM====<br />
Penny Saver<br />
<br />
603 Valencia, Brea, CA 92822<br />
<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=59449Orange County2009-04-25T01:36:17Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
Apr 30, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Our fourth OC OWASP meeting will be an informal, roundtable discussion of current application security issues. Feel free to bring <br />
some ideas, code, slides, etc to contribute to the discussion. Hope to see everyone there!<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there! [https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=59448Orange County2009-04-25T01:34:59Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
Apr 30, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Our fourth OC OWASP meeting will be an informal, roundtable discussion of current application security issues. Feel free to bring some ideas, code,<br />
slides, etc to contribute to the discussion. Hope to see everyone there!<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there! [https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=55330Orange County2009-02-23T21:10:56Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
TBD<br />
<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there! [https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=55329Orange County2009-02-23T21:10:42Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
TBD<br />
<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there! [https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=55328Orange County2009-02-23T21:10:29Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
TBD<br />
<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there![https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=55327Orange County2009-02-23T21:10:08Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
TBD<br />
<br />
<br />
<br />
'''Previous Meetings'''<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there!<br />
[https://www.owasp.org/images/5/58/Cloud_Computing_Security.pdf Presentation Slides]<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=File:Cloud_Computing_Security.pdf&diff=55326File:Cloud Computing Security.pdf2009-02-23T21:08:47Z<p>Alexsmolen: Cloud Computing Security talk given by Alex Stamos at OWASP LA and OC meetings, February 2009</p>
<hr />
<div>Cloud Computing Security talk given by Alex Stamos at OWASP LA and OC meetings, February 2009</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=54141Orange County2009-02-12T20:42:03Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
[http://maps.google.com/maps?q=1235+East+Imperial+Highway,+placentia,+ca&oe=utf-8&client=firefox-a&ie=UTF8&split=0&gl=us&z=16&iwloc=addr Google Map]<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter <br />
issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you <br />
there!<br />
<br />
<br />
'''Previous Meetings'''<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=54140Orange County2009-02-12T20:41:05Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Feb 19, 2009 6:30PM-8:30PM<br />
Brooklyn Pizza Works, 1235 East Imperial Highway, Placentia, CA<br />
Come talk application security at the third OWASP OC meeting. We'll discuss current application security topics and chapter issues over pizza. We have a room booked for 15-20 people so we'll be able to rant without disturbing the patrons :) See you there!<br />
<br />
<br />
'''Previous Meetings'''<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=54046Orange County2009-02-12T03:42:01Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Feb 19, 2009 6:30PM-8:30PM<br />
TBD, Brea, CA<br />
<br />
<br />
'''Previous Meetings'''<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=54045Orange County2009-02-12T03:32:19Z<p>Alexsmolen: </p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Feb 19, 2009 7PM-9PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
<br />
'''Previous Meetings'''<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=49841.NET ESAPI2008-12-23T17:07:12Z<p>Alexsmolen: /* Working with the .NET ESAPI */</p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/NET_ESAPI.zip here]. It is a zipped .chm (help) file.<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]<br />
[[Category:OWASP .NET Project]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=49473Orange County2008-12-17T16:02:24Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Dec 17, 2008 6PM - 9PM<br />
Microsoft Campus<br />
Room MPR1, 3 Park Plaza, Suite 1600, Irvine, CA, 92614<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=microsoft,+Irvine,+CA,+92614&sll=33.678479,-117.838368&sspn=0.009892,0.022745&g=3+Park+Plaza,+Irvine,+CA,+92614&ie=UTF8&ei=sCFJSfKPEo3UNc2ZmCc&cd=1&cid=33728042,-117783305,17507068988286890825&li=lmd&ll=33.731835,-117.78142&spn=0.039545,0.090981&z=14&iwloc=A Google Map]<br />
This meeting will be a roundtable discussion of application security news, plus a few OWASP-themed challenges with prizes. <br />
Pizza will be provided and we'll head to the Yard House after the meeting.<br />
<br />
'''Previous Meetings'''<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
Penny Saver<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting! <br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders. <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=ESAPI_Logging&diff=48386ESAPI Logging2008-12-11T14:52:05Z<p>Alexsmolen: /* Feature Overview */</p>
<hr />
<div>== Feature Overview ==<br />
<br />
The ESAPI Logger should promote secure logging functionality while allowing organizations to choose their own logging framework. The primary benefit of the ESAPI Logger is the addition of relevant security information to the log message and the use of specific tags that allow log messages to be identified as SECURITY related (as opposed to FUNCTIONAL, PERFROMANCE, etc).<br />
<br />
== Possible Enhancements == <br />
<br />
* Remove LogFactory interface. The ESAPI is a factory itself that can be used to select a logging implementation.<br />
<br />
* Change default log behavior to use classes rather than module names.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=ESAPI_Logging&diff=48382ESAPI Logging2008-12-11T14:48:11Z<p>Alexsmolen: /* Possible Enhancements */</p>
<hr />
<div>== Feature Overview ==<br />
<br />
The ESAPI Logger should promote secure logging functionality while allowing organizations to choose their own logging framework.<br />
<br />
== Possible Enhancements == <br />
<br />
* Remove LogFactory interface. The ESAPI is a factory itself that can be used to select a logging implementation.<br />
<br />
* Change default log behavior to use classes rather than module names.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=ESAPI_Logging&diff=48377ESAPI Logging2008-12-11T14:45:45Z<p>Alexsmolen: /* Feature Overview */</p>
<hr />
<div>== Feature Overview ==<br />
<br />
The ESAPI Logger should promote secure logging functionality while allowing organizations to choose their own logging framework.<br />
<br />
== Possible Enhancements == <br />
<br />
* TODO<br />
<br />
* ...</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=ESAPI_Validation&diff=48359ESAPI Validation2008-12-11T14:32:45Z<p>Alexsmolen: /* Possible Enhancements */</p>
<hr />
<div>== Possible Enhancements ==<br />
<br />
* Reduce the number of required parameters to validation methods by creating new methods signatures that use default parameters.<br />
<br />
* Change the Validation methods to Validation classes that can be applied in a [http://en.wikipedia.org/wiki/Strategy_pattern Strategy Pattern]. This means that rather than having specific methods such as validateCreditCard and validateEmailAddress there would be a Validator interface which would be implemented by classes like CreditCardValidator and EmailAddressValidator. This is analogous to the Encoding classes in ESAPI. This offers the benefit that new Validation classes can be created and current Validation classes can be modified without changing the interface. Additionally, Validators can be stacked to provide multiple forms of validation</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=46028Orange County2008-11-06T17:45:18Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<paypal>Orange County</paypal><br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Dec 17, 2008<br />
Microsoft Campus<br />
Details to come<br />
<br />
'''Previous Meetings'''<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting!<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=OWASP_Working_Session_Enterprise_Security_API_Project&diff=45292OWASP Working Session Enterprise Security API Project2008-10-31T22:15:18Z<p>Alexsmolen: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Enterprise Security API Project '''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|In this working session we will consider all aspects of the Enterprise Security API project. The goal of the project is to simplify security for developers to make secure code more likely. To achieve this goal we define clean intuitive APIs for standard security functionality. Ideally, these APIs will cover common security controls across web applications, web services, and even rich client applications. This working session will review the state of the project, discuss technical issues, discuss "marketing" of the project, prioritize project work items, and browbeat attendees into joining the project and making the world a safer place.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<br />
[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]]<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams'''] <br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:arshan.dabirsiaghi(at)aspectsecurity.com '''Arshan Dabirsiaghi''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-esapi '''Subscription Page''']<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
Introduce everyone to the idea and cost-benefits of an ESAPI. <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5, 2008 <br>1:00 PM<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees" <br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="left"|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|A volunteer to lead the 'marketing' campaign for ESAPI. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Prioritized list of marketing ideas for the ESAPI concept. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Prioritized list of ideas for improving the API. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|Fill in here.<br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1<br />
| style="width:15%; background:#cccccc" align="center"|Matt Tesauro<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Live CD Project Lead<br />
| style="width:63%; background:#cccccc" align="center"|Curious about how various "ports" should be handled (lang != Java) <br> Run them as separate projects or sub-projects. How are they synchronized, if at all? What state are they in? How bad will the browbeating be?<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:15%; background:#cccccc" align="center"|Andrea Cogliati<br />
| style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY<br />
| style="width:63%; background:#cccccc" align="center"|Interested in porting to other platforms (Ruby&Rails) and in integration issues with existing framework (Struts, Spring, ...)<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:15%; background:#cccccc" align="center"|Alex Smolen<br />
| style="width:15%; background:#cccccc" align="center"|Foundstone<br />
| style="width:63%; background:#cccccc" align="center"|Author and Project Leader for .NET ESAPI<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"| <br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=OWASP_Working_Session_-_.NET_Project&diff=45291OWASP Working Session - .NET Project2008-10-31T22:13:45Z<p>Alexsmolen: /* Working Session Participants */</p>
<hr />
<div>{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#b3b3b3; color:white"|<font color="black">'''Working Sessions Operational Rules''' - [[:Working Sessions Methodology|'''Please see here the general frame of rules''']].<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION IDENTIFICATION''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Work Session Name'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP .NET Project'''<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|OWASP secures .NET web applications and services. This working session will promote the OWASP .NET initiative, and discuss the roadmap for OWASP .NET for 2009. Additional objectives include discussing vulnerability research, application review and guidance for .NET and Mono (Open Source .NET) projects.<br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)''' <br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<br />
[[:Category:OWASP .NET Project|OWASP .NET Project]]<br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>[mailto:mark.roxberry(at)owasp.org '''Mark Roxberry'''] <br />
| style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:colin(at)watsonhall.com '''Colin Watson''']<br />
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-dotnet '''Subscription Page''']<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION SPECIFICS''' <br />
|-<br />
| style="width:15%; background:#7B8ABD" align="center"|'''Objectives'''<br />
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black"><br />
* Discuss audience and purpose of the OWASP .NET project,<br />
* Prepare OWASP .NET neutrality statement,<br />
* Discuss .NET and Mono SDL Best Practices and OWASP tools and documentation,<br />
* Discuss Vulnerability Research in the .NET and Mono Ecosystem. <br />
|-<br />
| style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''<br />
| style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]] <br />
| style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 4 & 6, 2008 <br>Time TBD<br />
| style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Everybody is a Participant"<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
<br />
{|style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.<br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:white; color:white"|<font color="black"><br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' <br />
|-<br />
| style="width:100%; background:#cccccc" align="left"|<br />
* Objective 1: Establish purpose and audience of the OWASP .NET project. There are lots of resources and tools, why do we need OWASP .NET, who are our audiences, how do we reach them.<br />
* Objective 2: Statement to OWASP .NET's purpose. As we work closely with Microsoft folks, they've discussed providing content, which is great, but we need to clearly state OWASP .NET's neutrality. The Summit is a good place for this action. I will have a draft for discussion prior to the working session.<br />
* Objective 3: OWASP sponsored vulnerability research / web application review / guidance on .NET/Mono projects, like Sharepoint, Silverlight, Community Server, Wikipedia Search (Mono), DekiWiki (Mono) etc. <br />
|}<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="3" align="center" style="background:#4058A0; color:white"|'''WORKING SESSION OUTCOMES''' <br />
|-<br />
| style="width:7%; background:#6C82B5" align="center"|Statements, Initiatives or Decisions <br />
| style="width:46%; background:#b3b3b3" align="center"|'''Proposed by Working Group''' <br />
| style="width:47%; background:#b3b3b3" align="center"|'''Approved by OWASP Board'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|OWASP .NET Project Roadmap for 2009. <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:46%; background:#C2C2C2" align="center"|OWASP .NET Neutrality Statement <br />
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. <br />
|}<br />
== Working Session Participants ==<br />
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)<br />
{| style="width:100%" border="0" align="center"<br />
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION PARTICIPANTS''' <br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|'''Name'''<br />
| style="width:15%; background:#cccccc" align="center"|'''Company'''<br />
| style="width:63%; background:#cccccc" align="center"|'''Notes & reason for participating, issues to be discussed/addressed'''<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|1<br />
| style="width:15%; background:#cccccc" align="center"|Alex Smolen<br />
| style="width:15%; background:#cccccc" align="center"|Foundstone<br />
| style="width:63%; background:#cccccc" align="center"|Interested in discussing OWASP .NET projects, including .NET ESAPI<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|2<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|3<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|4<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|5<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|6<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"| <br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|7<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|8<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|9<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|-<br />
| style="width:7%; background:#7B8ABD" align="center"|10<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:15%; background:#cccccc" align="center"|<br />
| style="width:63%; background:#cccccc" align="center"|<br />
|}<br />
If needed add here more lines.<br />
<br />
[[Category:OWASP_Working_Session]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42918.NET ESAPI2008-10-11T00:01:15Z<p>Alexsmolen: /* Working with the .NET ESAPI */</p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library binary from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/OWASP%20.NET%20ESAPI%20Documentation.chm here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]<br />
[[Category:OWASP .NET Project]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42916.NET ESAPI2008-10-11T00:00:19Z<p>Alexsmolen: /* Working with the .NET ESAPI */</p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. <br />
<br />
Download the latest .NET ESAPI library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation [http://owasp-esapi-dotnet.googlecode.com/files/OWASP%20.NET%20ESAPI%20Documentation.chm here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]<br />
[[Category:OWASP .NET Project]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42915.NET ESAPI2008-10-10T23:59:53Z<p>Alexsmolen: /* Working with the .NET ESAPI */</p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the latest .NET ESAPI library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here]. <br />
<br />
Download the latest .NET ESAPI documentation [http://owasp-esapi-dotnet.googlecode.com/files/OWASP%20.NET%20ESAPI%20Documentation.chm here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]<br />
[[Category:OWASP .NET Project]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42914.NET ESAPI2008-10-10T23:09:34Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the latest .NET ESAPI library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]<br />
[[Category:OWASP .NET Project]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42787.NET ESAPI2008-10-09T19:52:58Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
=Project Goals=<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
=Working with the .NET ESAPI=<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the latest .NET ESAPI library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
=Administrative=<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].<br />
<br />
[[Category:OWASP Enterprise Security API]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42664.NET ESAPI2008-10-08T22:28:41Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the latest .NET ESAPI library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42663.NET ESAPI2008-10-08T22:28:11Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project brings the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=42662.NET ESAPI2008-10-08T22:27:34Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project is a complete rewrite of the Java-based [http://www.owasp.org/index.php/ESAPI ESAPI Project] to the .NET platform. <br />
<br />
The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications. While this is a complete translation of the API, there are some minor differences between the original ESAPI and the .NET ESAPI.<br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. Download the library directly from Google Code [http://owasp-esapi-dotnet.googlecode.com/files/Owasp.Esapi.dll here].<br />
<br />
To download and work with the source you must use an SVN tool.<br />
<br />
[http://ankhsvn.open.collab.net/ AnkhSVN] is a free SVN tool that integrates with Visual Studio.<br />
<br />
You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].<br />
<br />
The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen].</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=39063.NET ESAPI2008-09-10T01:19:31Z<p>Alexsmolen: </p>
<hr />
<div>The .NET ESAPI project is a complete rewrite of the [http://www.owasp.org/index.php/ESAPI ESAPI Project], from Java to C#. The project lead is [mailto:meATalexsmolenDOTcom Alex Smolen]. The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications.<br />
<br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=36475Orange County2008-08-19T05:39:31Z<p>Alexsmolen: </p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen].<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Aug 27, 2008, 7 PM - 9 PM<br />
603 Valencia, Brea, CA 92822<br />
[http://maps.google.com/maps?f=q&hl=en&geocode=&q=603+valencia,+Brea,+CA+92822&sll=33.911348,-117.851629&sspn=0.009865,0.022745&ie=UTF8&ll=33.909478,-117.852917&spn=0.009866,0.022745&z=16&iwloc=addr Google Map]<br />
<br />
Come meet up with web security professionals, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting!<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=SoCal&diff=36474SoCal2008-08-19T05:31:39Z<p>Alexsmolen: </p>
<hr />
<div>This chapter is no longer active. Please visit the [http://www.owasp.org/index.php/Orange_County Orange County] or [http://www.owasp.org/index.php/Los_Angeles Los Angeles] chapter pages.</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=36473Orange County2008-08-19T05:23:03Z<p>Alexsmolen: </p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Meeting Data - Aug 27, 2008, 6 PM - 8 PM<br />
Meeting Location - 603 S. Valencia, Brea, CA 92822<br />
<br />
Come meet up with web security professional, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting!<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=36472Orange County2008-08-19T05:22:17Z<p>Alexsmolen: /* Local News */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Come meet up with web security professional, have some pizza, and offer your thoughts for the direction of the OC chapter at our inaugural meeting!<br />
<br />
Meeting Data - Aug 27, 2008, 6 PM - 8 PM<br />
Meeting Location - 603 S. Valencia, Brea, CA 92822<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
[[Category:California]]</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=.NET_ESAPI&diff=34327.NET ESAPI2008-07-18T21:37:19Z<p>Alexsmolen: New page: The .NET ESAPI project is a complete rewrite of the [http://www.owasp.org/index.php/ESAPI ESAPI Project], from Java to C#. The project lead is [mailto:me@alexsmolen.com Alex Smolen]. The g...</p>
<hr />
<div>The .NET ESAPI project is a complete rewrite of the [http://www.owasp.org/index.php/ESAPI ESAPI Project], from Java to C#. The project lead is [mailto:me@alexsmolen.com Alex Smolen]. The goal of the project is to maintain an API and reference library for ASP.NET developers who want to create secure applications.<br />
<br />
<br />
The code for the ESAPI is currently in [http://code.google.com/p/owasp-esapi-dotnet/ Google Code]. You can also [http://code.google.com/p/owasp-esapi-dotnet/source/browse browse the source].</div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=34323Orange County2008-07-18T21:11:17Z<p>Alexsmolen: /* 2008 Upcoming Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Meeting Data - Aug 26, 2008, 6 PM - 8 PM<br />
Meeting Location - TBD<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=34322Orange County2008-07-18T21:10:53Z<p>Alexsmolen: /* Orange County OWASP Board Members */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Meeting Data - Aug 26, 2008, 6 PM - 8 PM<br />
Meeting Location - TBD<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
[mailto:javapro13@hotmail.com Kartik Trivedi]<br><br />
[mailto:me@alexsmolen.com Alex Smolen]<br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=34321Orange County2008-07-18T21:08:40Z<p>Alexsmolen: /* Orange County OWASP Board Members */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Meeting Data - Aug 26, 2008, 6 PM - 8 PM<br />
Meeting Location - TBD<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<!--<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br />
--><br />
<br />
<a href="mailto:javapro13@hotmail.com">Kartik Trivedi</a><br />
<a href="mailto:me@alexsmolen.com">Alex Smolen</a><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=34320Orange County2008-07-18T20:58:41Z<p>Alexsmolen: /* 2008 Upcoming Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Next Meeting'''<br />
<br />
Meeting Data - Aug 26, 2008, 6 PM - 8 PM<br />
Meeting Location - TBD<br />
<br />
We are looking for speakers and venue sponsors for the next meeting. If you are interested, please contact the chapter leaders <br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=33835Orange County2008-07-10T19:49:26Z<p>Alexsmolen: /* Orange County OWASP Board Members */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Jan</b><br />
-Location TBD<br />
<br />
<b>Feb</b><br />
-Location TBD<br />
<br />
<b>Mar</b><br />
-Location TBD<br />
<br />
<b>Apr</b><br />
-Location TBD<br />
<br />
<b>May</b><br />
-Location TBD<br />
<br />
<b>June</b><br />
-Location TBD<br />
<br />
<b>Jul</b><br />
-Location TBD<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
<b>Sept</b><br />
-Location TBD<br />
<br />
<b>Oct</b><br />
-Location TBD<br />
<br />
<b>Nov</b><br />
-Location TBD<br />
<br />
<b>Dec</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<ul><br />
*<b>Orange County President</b> [mailto: TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=33834Orange County2008-07-10T19:49:12Z<p>Alexsmolen: /* Orange County OWASP Board Members */</p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Jan</b><br />
-Location TBD<br />
<br />
<b>Feb</b><br />
-Location TBD<br />
<br />
<b>Mar</b><br />
-Location TBD<br />
<br />
<b>Apr</b><br />
-Location TBD<br />
<br />
<b>May</b><br />
-Location TBD<br />
<br />
<b>June</b><br />
-Location TBD<br />
<br />
<b>Jul</b><br />
-Location TBD<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
<b>Sept</b><br />
-Location TBD<br />
<br />
<b>Oct</b><br />
-Location TBD<br />
<br />
<b>Nov</b><br />
-Location TBD<br />
<br />
<b>Dec</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<ul><br />
*<b>Orange County President</b> [mailto:TBD] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP<br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=33833Orange County2008-07-10T19:48:44Z<p>Alexsmolen: </p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Jan</b><br />
-Location TBD<br />
<br />
<b>Feb</b><br />
-Location TBD<br />
<br />
<b>Mar</b><br />
-Location TBD<br />
<br />
<b>Apr</b><br />
-Location TBD<br />
<br />
<b>May</b><br />
-Location TBD<br />
<br />
<b>June</b><br />
-Location TBD<br />
<br />
<b>Jul</b><br />
-Location TBD<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
<b>Sept</b><br />
-Location TBD<br />
<br />
<b>Oct</b><br />
-Location TBD<br />
<br />
<b>Nov</b><br />
-Location TBD<br />
<br />
<b>Dec</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<ul><br />
*<b>Orange County President</b> [mailto:marc(at)marcmaiffret.com Marc Maiffret] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP <br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolenhttps://wiki.owasp.org/index.php?title=Orange_County&diff=33832Orange County2008-07-10T19:48:21Z<p>Alexsmolen: </p>
<hr />
<div>{{Chapter Template|chaptername=Orange County|extra=The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Orange_County|emailarchives=http://lists.owasp.org/pipermail/owasp-Orange_County}}<br />
<br />
The chapter leaders are [mailto:javapro13@hotmail.com Kartik Trivedi] and [mailto:me@alexsmolen.com Alex Smolen]<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
<br />
= 2008 Upcoming Events =<br />
Call for Papers (CFP) is NOW OPEN ~ to submit educational topic for upcoming meeting please submit your BIO and talk abstract via email. When accepted it will be required to use the following powerpoint [http://www.owasp.org/images/5/54/Presentation_template.ppt OWASP Template] To <b>sponsor or host a upcoming event</b> in Orange County please contact one of the board members below via email from more information.<br />
<br />
<b>Jan</b><br />
-Location TBD<br />
<br />
<b>Feb</b><br />
-Location TBD<br />
<br />
<b>Mar</b><br />
-Location TBD<br />
<br />
<b>Apr</b><br />
-Location TBD<br />
<br />
<b>May</b><br />
-Location TBD<br />
<br />
<b>June</b><br />
-Location TBD<br />
<br />
<b>Jul</b><br />
-Location TBD<br />
<br />
<b>Aug</b><br />
-Location TBD<br />
<br />
<b>Sept</b><br />
-Location TBD<br />
<br />
<b>Oct</b><br />
-Location TBD<br />
<br />
<b>Nov</b><br />
-Location TBD<br />
<br />
<b>Dec</b><br />
-Location TBD<br />
<br />
= Orange County OWASP Board Members =<br />
<ul><br />
*<b>Orange County President</b> [mailto:marc(at)marcmaiffret.com Marc Maiffret] <br />
*<b>Orange County Vice President</b> [mailto: TBD]<br />
*<b>Orange County Treasurer:</b> [mailto: TBD] <br />
*<b>Orange County Recording Secretary:</b> [mailto: TBD]<br />
*<b>Orange County Board Member</b> [mailto: TBD]<br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
*<b>Orange County Board Member:</b> [mailto: TBD] <br />
<br />
<br />
<u>The chapter mailing address is:</u><br><br />
ORANGE COUNTY OWASP <br><br />
Address<br><br />
City, State Zip <br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br><br />
<br></div>Alexsmolen