ESAPI Documentation

From OWASP
Revision as of 13:09, 11 December 2008 by Wichers (Talk | contribs)

Jump to: navigation, search

Overview

TODO

Documentation Plan

  • Smaller Documents
    • ESAPI Executive Overview

Audience: Executives
Purpose: To provide executives with an understanding of:

  • What ESAPI is? Goals.
  • Why an ESAPI is necessary. (App Sec is important/why/standardization)
  • The benefits of using an ESAPI? (Cost, ROI)
  • The current status of ESAPI? (Maturity, Stability, Licensing, Support)
  • Who created it, where it came from, credibility, who is using it?
  • How to adopt an ESAPI?

Outline: (See Purpose)

    • FAQ (For non-users)

Audience: Potential users of ESAPI
Purpose: To provide 'quick' hit, information about ESAPI
Topics: Summary of main points in the Executive Overview

    • FAQ (For people using ESAPI)

Audience (Technical people using ESAPI)
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls. Outline:

  • How to use it the first time
  • Performance


  • Larger Documents
    • Getting Started Guide
    • How to Secure an Existing Application with ESAPI
    • How to Use ESAPI in a New Application
    • How to Create a Custom ESAPI for Your Organization


  • Web pages
    • Revamp the ESAPI Website
    • How will the ESAPI be updated and released.
    • CWEs addressed by ESAPI - Assigned to Steve Christy
    • Features List


  • Other