
Difference between revisions of "ESAPI Summit"

(Updating date of the AppSec USA-specific ESAPI summit to September 21, 2011 (it was previously the 20th), and hyperlinking to appsecusa.org.)
Line 7: Line 7:
 
=== Agenda ===
 
=== Agenda ===
  
* 09:00 - 09:30 Mission Briefing
+
{|  cellpadding="2" cellspacing="2" style="border: 2px solid black;"
** Review Project Definition and Mission Statement (update if necc.)
+
|- style="background-color: navy;"
* 09:30 - 10:30 Brain Dump
+
! style="color: white;" | Start
** Get everyones "big-picture" ideas up on the board
+
! style="color: white;" | End
** Brief statement about each, this should be a fast-paced Mind-Mapping Exercise aimed to get as many ideas as we can on the board as quickly as possible
+
! style="color: white;" | Topic
* 10:30 - 10:45 Break time
+
! style="color: white;" | Description
** Good job, get some coffee and some air and get prepared for the real work.
+
! style="color: white;" | Deliverables
* 10:45 - 12:00 Bug Hunt
+
|-style="background-color: lightgray;"
** Review the list of existing ESAPI Bugs, assign a champion to them, and prioritize per champion
+
| 0900
* 12:00 - 13:00 Lunch - Open Conversation
+
| 0930
** Lunch to be provided by OWASP/ESAPI  
+
| Mission Briefing
* 13:00 - 15:00 Where do we go now?
+
| Brief summary of where we've been, administrative changes, and outlining the goals and purpose of the Summit
** Now that the bugs are fresh in our heads, let's revisit our master wish-list from earlier and prioritize future enhancements, lay them out into a version roadmap (not a calendar roadmap). Some of these enhancements will likely jump out as high-priority and others as nice-to-haves. It should also be remembered, that a version roadmap is a organic document, it will constantly change and evolve to meet the demands of our users. This is just a first step in getting such a roadmap in place.
+
| n/a
* 15:00 - 15:15 Break time
+
|-  
** Get some air, there is sure to be some great debate to reflect on
+
| 0930
* 15:15 - 16:00 Formally define the following policies
+
| 1030
** Becoming a Committer
+
| The ESAPI Specification 1.0
** Submitting Contributed Components
+
| Review the high level API and determine what methods should remain as '''core''' API's and what should be moved upstream to higher level API's (ie ESAPI-Web, ESAPI-Mobile, etc)
** Reporting Security Vulnerabilities
+
|
* 16:00 - 18:00 Aligning the ESAPI Projects
+
* [[ESAPI Specification Overview]]
** How do we bring all of the implementations into alignment as far as the API is concerned
+
|- style="background-color: lightblue;"
** How do we ensure that all implements adhere to the contract of the API
+
| 1030
** What level of adherement to the specification do we enforce to "sign off" on various implementations
+
| 1045
 
+
| colspan="3" | Coffee Break
=== Deliverables ===
+
|- style="background-color: lightgray;"
 
+
| 1045
 +
| 1200
 +
| The ESAPI Specification 1.0
 +
| colspan="2" | Continuation of the API Specification
 +
|- style="background-color: lightblue;"
 +
| 1200
 +
| 1300
 +
| colspan="3" | Lunch Break and Open Conversation (Provided by OWASP/ESAPI)
 +
|- style="background-color: lightgray;"
 +
| 1300
 +
| 1400
 +
| The ESAPI Roadmap
 +
| Take a look at the existing Roadmap, create the roadmap for the next several release cycles.
 +
|
 
* [[ESAPI Roadmap]]
 
* [[ESAPI Roadmap]]
* [[How to become a committer]]
+
|-
* [[How to submit contributions]]
+
| 1400
* [[How to report security vulnerabilities]]
+
| 1500
* [[ESAPI Cross Platform Specification]]
+
| ESAPI Policies
 +
| Formally define how to processes for contributers, community, sponsors, submitting issues, reporting security vulnerabilities
 +
|
 +
* [[ESAPI How To Contribute]]
 +
* [[ESAPI Community Contributions]]
 +
* [[ESAPI Sponsoring]]
 +
* [[ESAPI Submitting Issues]]  
 +
* [[ESAPI Vulnerability Reporting]]
 +
|- style="background-color: lightgray;"
 +
| 1500
 +
| 1630
 +
| ESTAPI Framework
 +
| How do we test and ensure that implementations meet the specifications defined in the API in a cross-platform and demonstratible manner?
 +
|
 +
* [[ESAPI Testing Framework]]
 +
|- style="background-color: lightblue;"
 +
| 1630
 +
| 1645
 +
| colspan="3" | Coffee Break
 +
|-
 +
| 1645
 +
| 1745
 +
| Documentation
 +
| Identify a Roadmap for ESAPI Documentation. Elect someone to champion this cause and find resources to address the documentation needs. Determine funding levels and budget needed for documentation to happen.
 +
|
 +
* [[ESAPI Documentation Roadmap]]
 +
* [[ESAPI Documentation Sub-Project]]
 +
* [[ESAPI Documentation Sub-Project Budget]]
 +
|- style="background-color: lightgray;"
 +
| 1745
 +
| 1800
 +
| Mission De-Briefing
 +
| We have accomplished a lot in the last 3 years as a team. This will be a quick wrap-up by Chris on the 2nd ESAPI Summit Day.
 +
| n/a
 +
|- style="background-color: lightblue;"
 +
| 1800
 +
| ????
 +
| ESAPI 2.0GA Release Celebration
 +
| Celebrate the release of ESAPI 2.0GA (and beyond) with beers with the ESAPI Team (Sponsors: TBA)
 +
| n/a
 +
|}
  
 
=== Attending the ESAPI Summit ===
 
=== Attending the ESAPI Summit ===
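
Review bot: The added table rows contain wording errors that will render on the page. In the 1400 row, "Formally define how to processes for contributers" should read "Formally define the processes for contributors". In the 1500 row, "demonstratible" should be "demonstrable", and the topic "ESTAPI Framework" does not match its deliverable [[ESAPI Testing Framework]], so confirm which name is intended. The old deliverable links ([[How to become a committer]], [[How to submit contributions]], [[How to report security vulnerabilities]], [[ESAPI Cross Platform Specification]]) are also replaced by differently named pages such as [[ESAPI How To Contribute]] and [[ESAPI Vulnerability Reporting]]; if the old pages already hold content, move or redirect them so the vulnerability-reporting policy stays reachable.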

Revision as of 22:21, 20 August 2011

Summit 2011

Summit Overview

The ESAPI Summit will be held on September 21, 2011 at OWASP AppSec USA 2011 in Minneapolis, Minnesota.

Agenda

| Start | End | Topic | Description | Deliverables |
|-------|-----|-------|-------------|--------------|
| 0900 | 0930 | Mission Briefing | Brief summary of where we've been, administrative changes, and outlining the goals and purpose of the Summit | n/a |
| 0930 | 1030 | The ESAPI Specification 1.0 | Review the high-level API and determine what methods should remain as core APIs and what should be moved upstream to higher-level APIs (i.e. ESAPI-Web, ESAPI-Mobile, etc.) | |
| 1030 | 1045 | Coffee Break | | |
| 1045 | 1200 | The ESAPI Specification 1.0 | Continuation of the API Specification | |
| 1200 | 1300 | Lunch Break and Open Conversation (Provided by OWASP/ESAPI) | | |
| 1300 | 1400 | The ESAPI Roadmap | Take a look at the existing Roadmap, create the roadmap for the next several release cycles. | |
| 1400 | 1500 | ESAPI Policies | Formally define the processes for contributors, community, sponsors, submitting issues, reporting security vulnerabilities | |
| 1500 | 1630 | ESTAPI Framework | How do we test and ensure that implementations meet the specifications defined in the API in a cross-platform and demonstrable manner? | |
| 1630 | 1645 | Coffee Break | | |
| 1645 | 1745 | Documentation | Identify a Roadmap for ESAPI Documentation. Elect someone to champion this cause and find resources to address the documentation needs. Determine funding levels and budget needed for documentation to happen. | |
| 1745 | 1800 | Mission De-Briefing | We have accomplished a lot in the last 3 years as a team. This will be a quick wrap-up by Chris on the 2nd ESAPI Summit Day. | n/a |
| 1800 | ???? | ESAPI 2.0GA Release Celebration | Celebrate the release of ESAPI 2.0GA (and beyond) with beers with the ESAPI Team (Sponsors: TBA) | n/a |

Attending the ESAPI Summit

If you are planning to attend this summit, please list your name below so that we can ensure that we have adequate space and materials for everyone.

Summit 2008

Summit Overview

The first OWASP ESAPI Summit was held December 9-11, 2008. It was hosted by Aspect Security in their Columbia, MD office.

The following were the attendees of the Summit:

The following pages contain our thoughts/results from the summit.

Summary: TODO

Links

Design

Features