Comments on: ESAPI for PHP – first tests passed http://www.greebo.net/2009/03/14/esapi-for-php-first-tests-passed/ mostly useless crap from me Sun, 21 Feb 2010 00:51:44 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Neue Sicherheit bringt der Mai - PHPUGFFM - PHP User Group Frankfurt am Main http://www.greebo.net/2009/03/14/esapi-for-php-first-tests-passed/comment-page-1/#comment-20134 Neue Sicherheit bringt der Mai - PHPUGFFM - PHP User Group Frankfurt am Main Thu, 23 Apr 2009 10:23:31 +0000 http://www.greebo.net/?p=524#comment-20134 [...] Ein erster Termin ist mit Mai 2009 angegeben. Dabei handelt es sich um eine Portierung der JAVA Referenzimplementierung. Mehr Infos auch im Blog von Andrew van der Stock. [...] [...] Ein erster Termin ist mit Mai 2009 angegeben. Dabei handelt es sich um eine Portierung der JAVA Referenzimplementierung. Mehr Infos auch im Blog von Andrew van der Stock. [...]

]]> By: vanderaj http://www.greebo.net/2009/03/14/esapi-for-php-first-tests-passed/comment-page-1/#comment-19959 vanderaj Tue, 24 Mar 2009 10:51:08 +0000 http://www.greebo.net/?p=524#comment-19959 Hi there, As it's only just started to exist, there are no current ESAPI for PHP examples. I will be porting my old forum, UltimaBB, to ESAPI for PHP and I'll donate that to OWASP as an example program. It'll use: AccessReferenceMap - for most user CP and admin CP options AccessController - replacing the current code Authenticator - replace the current autologin, remember me, change password and other code Encoder - to replace the current encoding mechanisms, particularly around themes and CSS Executor - to protect the system() calls used by the optional load banner HTTP Utilities - to replace its CSRF protection with ESAPI's, and other things IntrusionDetector - to replace / beef up the current audit functionality Logger - to replace / beef up the current logging mechanism Randomizer - for generating random values for the CAPTCHA SafeFile - to protect the uploading of attachments, icons and avatars SecureProperties - for config.php User - a non-reference implementation that suits me Essentially, it will over time use all of ESAPI for PHP, albeit with a customized version suitable for it. That forum runs a <a href="http://forums.aussieveedubbers.com/" rel="nofollow">very large site</a> I run, so it will immediately help me more than any demo application like SwingSet might. Hi there,

As it’s only just started to exist, there are no current ESAPI for PHP examples.

I will be porting my old forum, UltimaBB, to ESAPI for PHP and I’ll donate that to OWASP as an example program.

It’ll use:

AccessReferenceMap – for most user CP and admin CP options
AccessController – replacing the current code
Authenticator – replace the current autologin, remember me, change password and other code
Encoder – to replace the current encoding mechanisms, particularly around themes and CSS
Executor – to protect the system() calls used by the optional load banner
HTTP Utilities – to replace its CSRF protection with ESAPI’s, and other things
IntrusionDetector – to replace / beef up the current audit functionality
Logger – to replace / beef up the current logging mechanism
Randomizer – for generating random values for the CAPTCHA
SafeFile – to protect the uploading of attachments, icons and avatars
SecureProperties – for config.php
User – a non-reference implementation that suits me

Essentially, it will over time use all of ESAPI for PHP, albeit with a customized version suitable for it. That forum runs a very large site I run, so it will immediately help me more than any demo application like SwingSet might.

]]> By: jrosell http://www.greebo.net/2009/03/14/esapi-for-php-first-tests-passed/comment-page-1/#comment-19957 jrosell Tue, 24 Mar 2009 10:25:40 +0000 http://www.greebo.net/?p=524#comment-19957 vanderaj, do you know where i can get real world examples using ESAPI for PHP. vanderaj, do you know where i can get real world examples using ESAPI for PHP.

]]>