-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello everyone,

My name is Chris Todd, and I have been lurking on this list for some
time, even putting in my two cents from time to time. I have not yet
made any real contributions because I was working out some IP rights
and confidentiality agreement issues with my employer. Now that I
have that mess all squared away, I am eager to contribute to the
Filters API.

I am currently a security consultant for Ernst & Young, where I have
performed quite a few web application audits, both from a black box
and white box perspective, including source code level reviews. I've
done other work at EY, but most of it has no relevance to this group
(PKI, security policy development, and LDAP stuff). Prior to joining
EY, I was a web applications developer for Alabanza Corporation, a
website hosting company, where I wrote Perl and PHP scripts that
helped automate the tasks associated with administering a
Linux/Apache/MySQL/Perl/PHP-based web server. I was working on a
team to help port all of that code to JSPs and servlets when I was
laid off in a typical dot com story. Despite the work I did in Perl
and PHP, I consider Java my strongest programming language. I have
no experience with C, C++, Python, .NET, or Cold Fusion. I have a
teeny tiny little bit of experience with VBScript for doing Active
Server Pages.

My motivation for working on the Filters API is that I am getting
sick and tired of seeing web app developers make the same mistakes
over and over again, either through ignorance or apathy. I want to
be able to perform a web app audit, and when I see that they don't
filter user input (I have yet to review a web app that does), I can
point to the Filters API and say "There, go use that!" :-)

While I would love to help write the Java port of the Filters API, I
suspect we will have more than enough Java programmers to get the job
done. I am not terribly confident that my Perl and PHP skills are up
to the task of working on those ports, but I'm more than willing to
give it a shot. Where I think I can make a strong contribution,
however, is in the department of documentation and testing. I would
be more than happy to help document the Filters API, and I am already
well on my way to creating a simple-to-use testing suite that will
help us validate that the Filters API actually works the way we
expect it to. I hope to submit some beta code for that sometime soon
(maybe by the end of this weekend, depending on family commitments).

I look forward to working with you all,
Chris
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPVh1Kw1yj8e2/NpyEQIQzQCgteYiXFuWFPoiIfljPuTTo4Xaz8wAniP5
LUgvO8wRIteXlFTvqYB9yVJQ
=mE7j
-----END PGP SIGNATURE-----