This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ESAPI Documentation"
From OWASP
(→Documentation Plan) |
(→Documentation Plan) |
||
| Line 7: | Line 7: | ||
* Smaller Documents | * Smaller Documents | ||
** ESAPI Executive Overview | ** ESAPI Executive Overview | ||
| − | ** FAQ | + | Audience: Executives<br> |
| + | Purpose: To provide executives with an understanding of: | ||
| + | * What ESAPI is? Goals. | ||
| + | * Why an ESAPI is necessary. (App Sec is important/why/standardization) | ||
| + | * The benefits of using an ESAPI? (Cost, ROI) | ||
| + | * The current status of ESAPI? (Maturity, Stability, Licensing, Support) | ||
| + | * Who created it, where it came from, credibility, who is using it? | ||
| + | * How to adopt an ESAPI? | ||
| + | Outline: (See Purpose) | ||
| + | ** FAQ (For non-users) | ||
| + | Audience: Potential users of ESAPI<br> | ||
| + | Purpose: To provide 'quick' hit, information about ESAPI<br> | ||
| + | Topics: Summary of main points in the Executive Overview<br> | ||
| + | ** FAQ (For people using ESAPI) | ||
| + | Audience (Technical people using ESAPI)<br> | ||
| + | Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls. | ||
| + | Outline: | ||
| + | * How to use it the first time | ||
| + | * Performance | ||
<br> | <br> | ||
* Larger Documents | * Larger Documents | ||
** Getting Started Guide | ** Getting Started Guide | ||
| − | |||
** How to Secure an Existing Application with ESAPI | ** How to Secure an Existing Application with ESAPI | ||
** How to Use ESAPI in a New Application | ** How to Use ESAPI in a New Application | ||
| + | ** How to Create a Custom ESAPI for Your Organization | ||
<br> | <br> | ||
| − | * | + | * Web pages |
** Revamp the ESAPI Website | ** Revamp the ESAPI Website | ||
| + | ** How will the ESAPI be updated and released. | ||
| + | ** CWEs addressed by ESAPI - Assigned to Steve Christy | ||
** Features List | ** Features List | ||
| + | <br> | ||
| + | * Other | ||
** ESAPI Architecture/Design Guideline | ** ESAPI Architecture/Design Guideline | ||
** Assurance Argument [[ESAPI_Assurance]] | ** Assurance Argument [[ESAPI_Assurance]] | ||
| − | |||
| − | |||
Revision as of 18:09, 11 December 2008
Overview
TODO
Documentation Plan
- Smaller Documents
- ESAPI Executive Overview
Audience: Executives
Purpose: To provide executives with an understanding of:
- What ESAPI is? Goals.
- Why an ESAPI is necessary. (App Sec is important/why/standardization)
- The benefits of using an ESAPI? (Cost, ROI)
- The current status of ESAPI? (Maturity, Stability, Licensing, Support)
- Who created it, where it came from, credibility, who is using it?
- How to adopt an ESAPI?
Outline: (See Purpose)
- FAQ (For non-users)
Audience: Potential users of ESAPI
Purpose: To provide 'quick' hit, information about ESAPI
Topics: Summary of main points in the Executive Overview
- FAQ (For people using ESAPI)
Audience (Technical people using ESAPI)
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls.
Outline:
- How to use it the first time
- Performance
- Larger Documents
- Getting Started Guide
- How to Secure an Existing Application with ESAPI
- How to Use ESAPI in a New Application
- How to Create a Custom ESAPI for Your Organization
- Web pages
- Revamp the ESAPI Website
- How will the ESAPI be updated and released.
- CWEs addressed by ESAPI - Assigned to Steve Christy
- Features List
- Other
- ESAPI Architecture/Design Guideline
- Assurance Argument ESAPI_Assurance
