This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ESAPI Summit"
From OWASP
Mikehfauzy (talk | contribs) (→Summit Overview) |
|||
| Line 1: | Line 1: | ||
| − | == Summit Overview == | + | == Summit 2011 == |
| + | |||
| + | === Summit Overview === | ||
| + | |||
| + | The ESAPI Summit will be held on | ||
| + | |||
| + | === Agenda === | ||
| + | |||
| + | * 09:00 - 09:30 Mission Briefing | ||
| + | ** Review Project Definition and Mission Statement (update if necc.) | ||
| + | * 09:30 - 10:30 Brain Dump | ||
| + | ** Get everyones "big-picture" ideas up on the board | ||
| + | ** Brief statement about each, this should be a fast-paced Mind-Mapping Exercise aimed to get as many ideas as we can on the board as quickly as possible | ||
| + | * 10:30 - 10:45 Break time | ||
| + | ** Good job, get some coffee and some air and get prepared for the real work. | ||
| + | * 10:45 - 12:00 Bug Hunt | ||
| + | ** Review the list of existing ESAPI Bugs, assign a champion to them, and prioritize per champion | ||
| + | * 12:00 - 13:00 Lunch - Open Conversation | ||
| + | ** Lunch to be provided by OWASP/ESAPI | ||
| + | * 13:00 - 15:00 Where do we go now? | ||
| + | ** Now that the bugs are fresh in our heads, let's revisit our master wish-list from earlier and prioritize future enhancements, lay them out into a version roadmap (not a calendar roadmap). Some of these enhancements will likely jump out as high-priority and others as nice-to-haves. It should also be remembered, that a version roadmap is a organic document, it will constantly change and evolve to meet the demands of our users. This is just a first step in getting such a roadmap in place. | ||
| + | * 15:00 - 15:15 Break time | ||
| + | ** Get some air, there is sure to be some great debate to reflect on | ||
| + | * 15:15 - 16:00 Formally define the following policies | ||
| + | ** Becoming a Committer | ||
| + | ** Submitting Contributed Components | ||
| + | ** Reporting Security Vulnerabilities | ||
| + | * 16:00 - 18:00 ?? | ||
| + | |||
| + | === Attending the ESAPI Summit === | ||
| + | |||
| + | If you are planning to attend this summit, please list your name below so that we can ensure that we have adequate space and materials for everyone. | ||
| + | |||
| + | |||
| + | |||
| + | == Summit 2008 == | ||
| + | |||
| + | === Summit Overview === | ||
The first OWASP ESAPI Summit was held December 9-11, 2008. It was hosted by Aspect Security in their Columbia, MD office. | The first OWASP ESAPI Summit was held December 9-11, 2008. It was hosted by Aspect Security in their Columbia, MD office. | ||
| Line 26: | Line 63: | ||
Summary: TODO | Summary: TODO | ||
| − | == Links == | + | === Links === |
* [[ESAPI Charter]] | * [[ESAPI Charter]] | ||
| Line 41: | Line 78: | ||
* [[ESAPI Installation]] | * [[ESAPI Installation]] | ||
| − | == Design == | + | === Design === |
* [[ESAPI API]] | * [[ESAPI API]] | ||
| − | == Features == | + | === Features === |
* [[ESAPI Validation]] | * [[ESAPI Validation]] | ||
Revision as of 16:15, 27 May 2011
Summit 2011
Summit Overview
The ESAPI Summit will be held on
Agenda
- 09:00 - 09:30 Mission Briefing
- Review Project Definition and Mission Statement (update if necc.)
- 09:30 - 10:30 Brain Dump
- Get everyones "big-picture" ideas up on the board
- Brief statement about each, this should be a fast-paced Mind-Mapping Exercise aimed to get as many ideas as we can on the board as quickly as possible
- 10:30 - 10:45 Break time
- Good job, get some coffee and some air and get prepared for the real work.
- 10:45 - 12:00 Bug Hunt
- Review the list of existing ESAPI Bugs, assign a champion to them, and prioritize per champion
- 12:00 - 13:00 Lunch - Open Conversation
- Lunch to be provided by OWASP/ESAPI
- 13:00 - 15:00 Where do we go now?
- Now that the bugs are fresh in our heads, let's revisit our master wish-list from earlier and prioritize future enhancements, lay them out into a version roadmap (not a calendar roadmap). Some of these enhancements will likely jump out as high-priority and others as nice-to-haves. It should also be remembered, that a version roadmap is a organic document, it will constantly change and evolve to meet the demands of our users. This is just a first step in getting such a roadmap in place.
- 15:00 - 15:15 Break time
- Get some air, there is sure to be some great debate to reflect on
- 15:15 - 16:00 Formally define the following policies
- Becoming a Committer
- Submitting Contributed Components
- Reporting Security Vulnerabilities
- 16:00 - 18:00 ??
Attending the ESAPI Summit
If you are planning to attend this summit, please list your name below so that we can ensure that we have adequate space and materials for everyone.
Summit 2008
Summit Overview
The first OWASP ESAPI Summit was held December 9-11, 2008. It was hosted by Aspect Security in their Columbia, MD office.
The following were the attendees of the Summit:
- Jeff Williams, Aspect Security - ESAPI Project Lead
- Dave Wichers, Aspect Security - ESAPI Java Committer
- Ron Monzillo, Sun Microsystems - Java EE Security Architect
- Arshan Dabirsiaghi, Aspect Security - OWASP Intrisic Security Working Group Chair
- Jerry Hoff, Aspect Security
- Mike Fauzy, Aspect Security
- Kevin Fealey, Aspect Security - ESAPI Swingset Lead
- Jim Manico, Aspect Security - ESAPI Java Committer
- Steve Lavenhar, Booz Allen Hamilton
- Lian Jin, Booz Allen Hamilton
- John Steven, Cigital, Technical Director
- Joel Winstead, Cigital
- Alex Smolen, Foundstone - ESAPI .NET Lead
- Andy Miller, Lockheed Martin
- John Munsch, Lockheed Martin
- Steve Christey, MITRE - CVE/CWE Project Lead
The following pages contain our thoughts/results from the summit.
Summary: TODO
Links
- ESAPI Charter
- ESAPI Roadmap
- ESAPI Adoption Strategy
- ESAPI Framework Strategy
- ESAPI Assurance
- ESAPI Documentation
- ESAPI Marketing
- ESAPI Tooling
- ESAPI Static Analysis Support
- ESAPI Performance
- ESAPI Internationalization
- ESAPI Installation
