Is ESAPI.NET a dead project?

Recently, I have been tasked with making efforts to improve our input (and output) validation, taking into account OWASP recommendations and PCI compliance. In the process, I am trying to evaluate the value of the ESAPI.NET project, which does not seem to have seen any activity since spring of '09 and, as it stands, is incomplete.

Does anyone have experience using or extending ESAPI.NET v0.2? Is this a good start today to build the infrastructure to address targeted vulnerabilities?

FYI: I look at MS AntiXSS, which, of course, only addresses the ESAPI domain. We are already working well with SQL injection, although there are improvements we need to make.

(If anyone wants to create an ESAPI tag, feel free to. I don't have mojo.)

+3
3 answers

It looks like there were a few updates last week: http://code.google.com/p/owasp-esapi-dotnet/source/list

You can contact one of the potential customers on this list to find out what is happening.


NOTE: 05/26/2012: The last update for this project was December 4, 2010. Yes, it is dead.

+4

The project itself seems dead; however, there are some people who maintain a copy on GitHub with a few (minor?) additions ...

https://github.com/haldiggs/owasp-esapi-dotnet

https://github.com/jstemerdink/owasp-esapi-dotnet

+1

, ESAPI - . , , , , . ( , 1996?) . , swingset (, HTTP, HTTPS, HTTP).

This seems to be a dead end project.

0

Source: https://habr.com/ru/post/1777770/

