Difference between revisions of "ESAPI Documentation"

From OWASP
Jump to: navigation, search
(Documentation Plan)
(Documentation Plan)
Line 5: Line 5:
 
== Documentation Plan ==  
 
== Documentation Plan ==  
  
* Smaller Documents
+
Proposed Documents
** ESAPI Executive Overview
+
 
 +
=== Smaller Documents ===
 +
* ESAPI Executive Overview
 
Audience: Executives<br>
 
Audience: Executives<br>
 
Purpose: To provide executives with an understanding of:
 
Purpose: To provide executives with an understanding of:
Line 16: Line 18:
 
* How to adopt an ESAPI?
 
* How to adopt an ESAPI?
 
Outline: (See Purpose)
 
Outline: (See Purpose)
** FAQ (For non-users)
+
* FAQ (For non-users)
 
Audience: Potential users of ESAPI<br>
 
Audience: Potential users of ESAPI<br>
 
Purpose: To provide 'quick' hit, information about ESAPI<br>
 
Purpose: To provide 'quick' hit, information about ESAPI<br>
 
Topics: Summary of main points in the Executive Overview<br>
 
Topics: Summary of main points in the Executive Overview<br>
** FAQ (For people using ESAPI)
+
* FAQ (For people using ESAPI)
 
Audience (Technical people using ESAPI)<br>
 
Audience (Technical people using ESAPI)<br>
 
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls.
 
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls.
Line 27: Line 29:
 
* Performance
 
* Performance
 
<br>
 
<br>
* Larger Documents
+
=== Larger Documents ===
** Getting Started Guide
+
* Getting Started Guide
** How to Secure an Existing Application with ESAPI
+
* How to Secure an Existing Application with ESAPI
** How to Use ESAPI in a New Application
+
* How to Use ESAPI in a New Application
** How to Create a Custom ESAPI for Your Organization
+
* How to Create a Custom ESAPI for Your Organization
 
<br>
 
<br>
* Web pages
+
=== Web Pages ===
** Revamp the ESAPI Website
+
* Revamp the ESAPI Website
** How will the ESAPI be updated and released.
+
* How will the ESAPI be updated and released.
** [[CWE_ESAPI]] CWEs addressed by ESAPI - Assigned to Steve Christey
+
* [[CWE_ESAPI]] CWEs addressed by ESAPI - Assigned to Steve Christey
** Features List
+
* Features List
 
<br>
 
<br>
* Other
+
=== Other Documents ===
** ESAPI Architecture/Design Guideline
+
* ESAPI Architecture/Design Guideline
** Assurance Argument [[ESAPI_Assurance]]
+
* Assurance Argument [[ESAPI_Assurance]]

Revision as of 14:17, 11 December 2008

Contents

Overview

This page documents our current thoughts on the various documents we need to produce for the ESAPI project, and the audience, purpose, and high level outline of each document.

Documentation Plan

Proposed Documents

Smaller Documents

  • ESAPI Executive Overview

Audience: Executives
Purpose: To provide executives with an understanding of:

  • What ESAPI is? Goals.
  • Why an ESAPI is necessary. (App Sec is important/why/standardization)
  • The benefits of using an ESAPI? (Cost, ROI)
  • The current status of ESAPI? (Maturity, Stability, Licensing, Support)
  • Who created it, where it came from, credibility, who is using it?
  • How to adopt an ESAPI?

Outline: (See Purpose)

  • FAQ (For non-users)

Audience: Potential users of ESAPI
Purpose: To provide 'quick' hit, information about ESAPI
Topics: Summary of main points in the Executive Overview

  • FAQ (For people using ESAPI)

Audience (Technical people using ESAPI)
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls. Outline:

  • How to use it the first time
  • Performance


Larger Documents

  • Getting Started Guide
  • How to Secure an Existing Application with ESAPI
  • How to Use ESAPI in a New Application
  • How to Create a Custom ESAPI for Your Organization


Web Pages

  • Revamp the ESAPI Website
  • How will the ESAPI be updated and released.
  • CWE_ESAPI CWEs addressed by ESAPI - Assigned to Steve Christey
  • Features List


Other Documents