Re: [SC-L] [Esapi-dev] OWASP CSRFGuard

2010-10-29 Thread Chris Schmidt
My gut feel here is that we gain a lot more by merging the work done here
into ESAPI. CSRFGuard is and has been a great project, but as it stands -
unmaintained right now (although it is a very simple project, with a very
low level of maintenance) it seems to me that a lot of traction and momentum
could be gained for the code by merging with the ESAPI project which is one
of the more active OWASP Projects AFAIK.

This is really just my $0.02 and I don't want to discount the work that has
been done on CSRF-Guard. As I stated it is a great project and I personally
have used it in 3 projects successfully, but I also think that as such a
small project it seems to be an easy one to forget about in the grand scheme
of things.


On 10/29/10 9:09 AM, Jim Manico jim.man...@owasp.org wrote:

 Hello,
  
 The OWASP CSRF guard project (
 http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project ) has recently
 been deemed "inactive" and I'm trying to help bring it back to life.
  
 I'm taking a survey of folks who have used CSRFGuard. In particular, I would
 like to understand any potential modifications CSRFGuard users have had to
 make in order to implement it successfully for their website. I'd also like to
 hear of any success stories of using CSRFGuard out of the box.
  
 Any feedback regarding this matter is greatly appreciated.
  
 Thanks kindly + Aloha,
  
 Jim Manico
 OWASP Podcast Producer
 OWASP ESAPI Project Manager
 http://manico.net
 
 
 ___
 Esapi-dev mailing list
 esapi-...@lists.owasp.org
 https://lists.owasp.org/mailman/listinfo/esapi-dev

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___


Re: [SC-L] [Esapi-dev] OWASP CSRFGuard

2010-10-29 Thread Jim Manico
 My gut feel here is that we gain a lot more by merging the work done here
into ESAPI. 

 

I agree 100%, I'm glad you said it first. :)

 

- Jim

 

From: Chris Schmidt [mailto:chrisisb...@gmail.com] 
Sent: Friday, October 29, 2010 8:36 PM
To: Jim Manico; esapi-...@lists.owasp.org; SC-L@securecoding.org
Cc: owasp-lead...@lists.owasp.org
Subject: Re: [Esapi-dev] OWASP CSRFGuard

 

My gut feel here is that we gain a lot more by merging the work done here
into ESAPI. CSRFGuard is and has been a great project, but as it stands -
unmaintained right now (although it is a very simple project, with a very
low level of maintenance) it seems to me that a lot of traction and momentum
could be gained for the code by merging with the ESAPI project which is one
of the more active OWASP Projects AFAIK.

This is really just my $0.02 and I don't want to discount the work that has
been done on CSRF-Guard. As I stated it is a great project and I personally
have used it in 3 projects successfully, but I also think that as such a
small project it seems to be an easy one to forget about in the grand scheme
of things.


On 10/29/10 9:09 AM, Jim Manico jim.man...@owasp.org wrote:

Hello,
 
The OWASP CSRF guard project (
http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project ) has
recently been deemed inactive and I'm trying to help bring it back to
life.
 
I'm taking a survey of folks who have used CSRFGuard. In particular, I would
like to understand any potential modifications CSRFGuard users have had to
make in order to implement it successfully for their website. I'd also like
to hear of any success stories of using CSRFGuard out of the box.
 
Any feedback regarding this matter is greatly appreciated. 
 
Thanks kindly + Aloha,
 
Jim Manico
OWASP Podcast Producer
OWASP ESAPI Project Manager
http://manico.net  
