Friday, March 4, 2011

ESAPI and the Padding Oracle Attack

For those of you who don't read the OWASP blog (you should), the link below is, in part, what started all of this. I started out responding in an email to Jeremiah Grossman to a tweet to he had made to Jeff Williams about how quickly the ESAPI team had responded to the Padding Oracle Attack that Juliano Rizzo and Thai Duong had discovered in ESAPI. What started out a private email to a Jeremiah and a select few of the ESAPI team shortly thereafter ended up on the OWASP blog.

Anyhow, without further ado, here is the link to the OWASP blog post:
