The Open Web Application Security Project (OWASP) is a 501(c)(3)
not-for-profit worldwide charitable organization focused on improving
the security of application software and all of OWASP's materials are
available under a free and open source software licenses.
The next release candidate of OWASP's Enterprise Security API (ESAPI)
for Java (ESAPI-2.0-rc6) has recently been released. This is the
second complete release candidate that contains the completely revamped
symmetric encryption and the first release candidate with completed user
documentation om this regard.
Before we make an official 2.0 release, we would like the completely
redesigned symmetric encryption in ESAPI to be reviewed by professional
cryptographers or security professionals with expertise in cryptography.
It shouldn't take too much time as the code-base is really fairly small--
slightly over 3900 LOC (including comments and blank lines) or approximately
1725 non-commentary source lines.
Anyhow, if you are willing to help without charge to OWASP, you can find
more details at:
http://www.owasp.org/index.php/Request_to_review_ESAPI_2.0_crypto
Thanks in advance to those of you who can help.
-kevin
-- Kevin W. Wall "The most likely way for the world to be destroyed, most
experts agree, is by accident. That's where we come in; we're computer
professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
