ESAPI Summit

Revision as of 13:02, 13 June 2011 by Chris Schmidt (talk | contribs)

Jump to: navigation, search

Summit 2011

Summit Overview

The ESAPI Summit will be held on September 20th at AppSecUSA


  • 09:00 - 09:30 Mission Briefing
    • Review Project Definition and Mission Statement (update if necc.)
  • 09:30 - 10:30 Brain Dump
    • Get everyones "big-picture" ideas up on the board
    • Brief statement about each, this should be a fast-paced Mind-Mapping Exercise aimed to get as many ideas as we can on the board as quickly as possible
  • 10:30 - 10:45 Break time
    • Good job, get some coffee and some air and get prepared for the real work.
  • 10:45 - 12:00 Bug Hunt
    • Review the list of existing ESAPI Bugs, assign a champion to them, and prioritize per champion
  • 12:00 - 13:00 Lunch - Open Conversation
    • Lunch to be provided by OWASP/ESAPI
  • 13:00 - 15:00 Where do we go now?
    • Now that the bugs are fresh in our heads, let's revisit our master wish-list from earlier and prioritize future enhancements, lay them out into a version roadmap (not a calendar roadmap). Some of these enhancements will likely jump out as high-priority and others as nice-to-haves. It should also be remembered, that a version roadmap is a organic document, it will constantly change and evolve to meet the demands of our users. This is just a first step in getting such a roadmap in place.
  • 15:00 - 15:15 Break time
    • Get some air, there is sure to be some great debate to reflect on
  • 15:15 - 16:00 Formally define the following policies
    • Becoming a Committer
    • Submitting Contributed Components
    • Reporting Security Vulnerabilities
  • 16:00 - 18:00 Aligning the ESAPI Projects
    • How do we bring all of the implementations into alignment as far as the API is concerned
    • How do we ensure that all implements adhere to the contract of the API
    • What level of adherement to the specification do we enforce to "sign off" on various implementations


Attending the ESAPI Summit

If you are planning to attend this summit, please list your name below so that we can ensure that we have adequate space and materials for everyone.

Summit 2008

Summit Overview

The first OWASP ESAPI Summit was held December 9-11, 2008. It was hosted by Aspect Security in their Columbia, MD office.

The following were the attendees of the Summit:

The following pages contain our thoughts/results from the summit.

Summary: TODO