This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI Documentation

From OWASP
Revision as of 19:27, 11 December 2008 by Wichers (talk | contribs) (Larger Documents)

Jump to: navigation, search

Overview

This page documents our current thoughts on the various documents we need to produce for the ESAPI project, and the audience, purpose, and high level outline of each document.

Documentation Plan

Proposed Documents

Smaller Documents

  • ESAPI Executive Overview

Audience: Executives
Purpose: To provide executives with an understanding of:

  • What ESAPI is? Goals.
  • Why an ESAPI is necessary. (App Sec is important/why/standardization)
  • The benefits of using an ESAPI? (Cost, ROI)
  • The current status of ESAPI? (Maturity, Stability, Licensing, Support)
  • Who created it, where it came from, credibility, who is using it?
  • How to adopt an ESAPI?

Outline: (See Purpose)

  • FAQ (For non-users)

Audience: Potential users of ESAPI
Purpose: To provide 'quick' hit, information about ESAPI
Topics: Summary of main points in the Executive Overview

  • FAQ (For people using ESAPI)

Audience (Technical people using ESAPI)
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls. Outline:

  • How to use it the first time
  • Common usage issues
  • Common extension questions
  • Performance


Larger Documents

Getting Started Guide 

Audience: Developers new to ESAPI

Purpose: Explain to these developers how to start immediately using ESAPI

Outline:

  • Overview of ESAPI
  • How to download, install, get dependencies
  • Where is all the documentation/javadoc
  • Where/what is Swingset - where are the coding examples
  • List of the top 5 quick hits you can achieve with ESAPI
  • Concrete examples of how to accomplish each of these 5 things, with problem descriptions, example problem code, and example code that addresses the problem


How to Secure an Existing Application with ESAPI 

Audience: Developers

Purpose: Explain to developers how to address most of the common security problems in an existing application using ESAPI

Outline:

  • Similar to previous, except it goes through all major areas where ESAPI provides controls, not just the top 5.


How to Use ESAPI in a New Application How to Create a Custom ESAPI for Your Organization

Web Pages

  • Revamp the ESAPI Website
  • How will the ESAPI be updated and released.
  • CWE_ESAPI CWEs addressed by ESAPI - Assigned to Steve Christey
  • Features List


Other Documents

Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_Documentation&oldid=48449"