> Good comments man,
>
> I much prefer this level of discourse to what I saw previously.
Thank you, I appreciate that and I do value your input, John.
> I think you mistook my ultra-vague and in-specific template pattern
> reference. I made the same such reference at the 1.4 summit and no one
>
On 1/11/2010 3:42 PM, John Steven wrote:
> As a last resort, might I suggest using inheritance and encapsulation
to stitch together framework-provided cut points and ESAPI code.
This is where ESAPI will evolve. For starters, we need to get our base
controls right. :) This is the hallmark of compl
e)? -
>>>> sigh- That's a longer discussion. And, by all means, don't think you
>>>> can let your guard down on your pen-testing. Is it a silver bullet?
>>>> No.
>>>>
>>>> Is ESAPI the only approach? No. I submit that it's
s to check what
normally is
a manual process in the code review of authentication and
authorization.
Am I correct on my assumption?
Thanks,
Matt
Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
mailto:mparsons1...@gmail.com
http://www.parsonsisconsulting.com
http://www.
:sc-l-boun...@securecoding.org] On
Behalf Of John Steven
Sent: Thursday, January 07, 2010 1:03 PM
To: Secure Coding
Subject: Re: [SC-L] Ramesh Nagappan Blog : Java EE 6: Web Application Security
made simple ! | Core Security Patterns Weblog
Jim,
Yours was the predicted response. The ref-impl.
0 10:56 AM
To: John Steven
Cc: Secure Coding
Subject: Re: [SC-L] Ramesh Nagappan Blog : Java EE 6: Web Application Security
made simple ! | Core Security Patterns Weblog
John,
You do not need OWASP ESAPI to secure an app. But you need "A" ESAPI for your
organization in order to build sec
t security areas. You need something like OWASP ESAPI to
>>> make a secure app even remotely possible. I was once a Sun guy, and
>>> I'm very fond of Java and Sun. But JavaEE 6 does very little to
>>> raise the bar when it comes to Application Security.
>&
s,
Matt
Matt Parsons, MSM, CISSP
315-559-3588 Blackberry
817-294-3789 Home office
mailto:mparsons1...@gmail.com
http://www.parsonsisconsulting.com
http://www.o2-ounceopen.com/o2-power-users/
http://www.linkedin.com/in/parsonsconsulting
-----Original Message-----
From: sc-l-boun...@securecodin
> mailto:mparsons1...@gmail.com
> http://www.parsonsisconsulting.com
> http://www.o2-ounceopen.com/o2-power-users/
> http://www.linkedin.com/in/parsonsconsulting
>
> -----Original Message-----
> From: sc-l-boun...@securecoding.org [mailto:sc-
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org]
> On Behalf Of Kenneth Van Wyk
> Sent: Tuesday, January 05, 2010 8:59 AM
> To: Secure Coding
> Subject: [SC-L] Ramesh Nagappan Blog : Java EE 6: Web Application Security
> made simple ! | Core Security Patterns W
wer-users/
http://www.linkedin.com/in/parsonsconsulting
-----Original Message-----
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org]
On Behalf Of Kenneth Van Wyk
Sent: Tuesday, January 05, 2010 8:59 AM
To: Secure Coding
Subject: [SC-L] Ramesh Nagappan Blog : Java EE 6:
Happy new year SC-Lers.
FYI, interesting blog post on some of the new security features in Java EE 6,
by Ramesh Nagappan. Worth reading for all you Java folk, IMHO.
http://www.coresecuritypatterns.com/blogs/?p=1622
Cheers,
Ken
-
Kenneth R. van Wyk
SC-L Moderator