This page documents our current thoughts on the various documents we need to produce for the ESAPI project, and the audience, purpose, and high level outline of each document.
- ESAPI Executive Overview
Purpose: To provide executives with an understanding of:
- What ESAPI is? Goals.
- Why an ESAPI is necessary. (App Sec is important/why/standardization)
- The benefits of using an ESAPI? (Cost, ROI)
- The current status of ESAPI? (Maturity, Stability, Licensing, Support)
- Who created it, where it came from, credibility, who is using it?
- How to adopt an ESAPI?
Outline: (See Purpose)
- FAQ (For non-users)
Audience: Potential users of ESAPI
Purpose: To provide 'quick' hit, information about ESAPI
Topics: Summary of main points in the Executive Overview
- FAQ (For people using ESAPI)
Audience (Technical people using ESAPI)
Purpose: To provide 'quick' hit, information about how to use ESAPI, and how to add ESAPI to or integrate ESAPI with your existing security controls. Outline:
- How to use it the first time
- Getting Started Guide
- How to Secure an Existing Application with ESAPI
- How to Use ESAPI in a New Application
- How to Create a Custom ESAPI for Your Organization
- Revamp the ESAPI Website
- How will the ESAPI be updated and released.
- CWE_ESAPI CWEs addressed by ESAPI - Assigned to Steve Christey
- Features List
- ESAPI Architecture/Design Guideline
- Assurance Argument ESAPI_Assurance