Difference between revisions of "OWASP Working Session Enterprise Security API Project"

 
(11 intermediate revisions by 9 users not shown)
Line 9: Line 9:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|TBD
+
  | colspan="6" style="width:85%; background:#cccccc" align="left"|In this working session we will consider all aspects of the Enterprise Security API project. The goal of the project is to simplify security for developers to make secure code more likely. To achieve this goal we define clean intuitive APIs for standard security functionality. Ideally, these APIs will cover common security controls across web applications, web services, and even rich client applications. This working session will review the state of the project, discuss technical issues, discuss "marketing" of the project, prioritize project work items, and browbeat attendees into joining the project and making the world a safer place.
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects (if any)'''  
Line 29: Line 29:
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Venue/Date&Time/Model'''
 
  | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]  
 
  | style="width:25%; background:#cccccc" align="center"|'''Venue'''<br>[[:OWASP EU Summit 2008|OWASP EU Summit Portugal 2008]]  
  | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5 & 7, 2008 <br>Time TBD
+
  | style="width:25%; background:#cccccc" align="center"|'''Date&Time'''<br>November 5, 2008 <br>1:00 PM
 
  | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees"  
 
  | style="width:25%; background:#cccccc" align="center"|'''Discussion Model'''<br>"Participants + Attendees"  
 
  |}
 
  |}
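Review bot: the new Date&Time cell gives "1:00 PM" with no time zone, and the same edit drops November 7 from the old "November 5 & 7, 2008" value. Suggest stating the zone for the summit venue, and listing the second day explicitly if the session still has a slot on it.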
Line 69: Line 69:
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Fill in here.
+
  | style="width:46%; background:#C2C2C2" align="center"|[http://uk.youtube.com/watch?v=-D_bymZ-8vI Video]
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |}
 
  |}
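Review bot: the cell that replaces "Fill in here." in this row holds only an external link labelled "Video", with nothing to say what the recording covers. Suggest a descriptive label that names the session it records, so the row still reads sensibly if the link stops resolving.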
Line 83: Line 83:
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|1
 
  | style="width:7%; background:#7B8ABD" align="center"|1
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Matt Tesauro
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|OWASP Live CD Project Lead
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Curious about how various "ports" should be handled (lang != Java) <br> Run them as separate projects or sub-projects.  How are they synchronized, if at all?  What state are they in?  How bad will the browbeating be?
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|2
 
  | style="width:7%; background:#7B8ABD" align="center"|2
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Andrea Cogliati
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|OWASP Rochester, NY
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Interested in porting to other platforms (Ruby&Rails) and in integration issues with existing framework (Struts, Spring, ...)
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|3
 
  | style="width:7%; background:#7B8ABD" align="center"|3
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Alex Smolen
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Foundstone
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Author and Project Leader for .NET ESAPI
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|4
 
  | style="width:7%; background:#7B8ABD" align="center"|4
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Kuai Hinojosa
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|New York University
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Interesting in ESAPI for PHP and How to best implement the ESAPI.
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|5
 
  | style="width:7%; background:#7B8ABD" align="center"|5
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Fred Donovan
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Donovan Networks
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Interested in the structure and integrating this as a solution for Fortune 200 web development processes
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|6
 
  | style="width:7%; background:#7B8ABD" align="center"|6
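Review bot: in the added notes cell for row 4, "Interesting in ESAPI for PHP and How to best implement the ESAPI." looks like a typo for "Interested in ... and how to ..."; worth correcting in the wikitext before it is carried into the rendered participants table.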
Line 133: Line 133:
 
  |}
 
  |}
 
If needed add here more lines.
 
If needed add here more lines.
 +
 +
[[Category:OWASP_Working_Session]]

Latest revision as of 12:33, 28 November 2008

Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name: OWASP Enterprise Security API Project
Short Work Session Description: In this working session we will consider all aspects of the Enterprise Security API project. The goal of the project is to simplify security for developers to make secure code more likely. To achieve this goal we define clean intuitive APIs for standard security functionality. Ideally, these APIs will cover common security controls across web applications, web services, and even rich client applications. This working session will review the state of the project, discuss technical issues, discuss "marketing" of the project, prioritize project work items, and browbeat attendees into joining the project and making the world a safer place.
Related Projects (if any): OWASP Enterprise Security API (ESAPI) Project
Email Contacts & Roles:
Chair: Jeff Williams
Secretary: Arshan Dabirsiaghi
Mailing list: Subscription Page
WORKING SESSION SPECIFICS
Objectives: Introduce everyone to the idea and cost-benefits of an ESAPI.
Venue/Date&Time/Model:
Venue: OWASP EU Summit Portugal 2008
Date&Time: November 5, 2008, 1:00 PM
Discussion Model: "Participants + Attendees"
WORKING SESSION OPERATIONAL RESOURCES
Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
WORKING SESSION ADDITIONAL DETAILS
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.
WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions
Proposed by Working Group | Approved by OWASP Board
A volunteer to lead the 'marketing' campaign for ESAPI. | After the Board Meeting - fill in here.
Prioritized list of marketing ideas for the ESAPI concept. | After the Board Meeting - fill in here.
Prioritized list of ideas for improving the API. | After the Board Meeting - fill in here.
Video | After the Board Meeting - fill in here.

Working Session Participants

(Add your name by editing this table. On your right, just above this frame, you have the option to edit.)

WORKING SESSION PARTICIPANTS
# | Name | Company | Notes & reason for participating, issues to be discussed/addressed
1 | Matt Tesauro | OWASP Live CD Project Lead | Curious about how various "ports" should be handled (lang != Java) Run them as separate projects or sub-projects. How are they synchronized, if at all? What state are they in? How bad will the browbeating be?
2 | Andrea Cogliati | OWASP Rochester, NY | Interested in porting to other platforms (Ruby&Rails) and in integration issues with existing frameworks (Struts, Spring, ...)
3 | Alex Smolen | Foundstone | Author and Project Leader for .NET ESAPI
4 | Kuai Hinojosa | New York University | Interested in ESAPI for PHP and how to best implement the ESAPI.
5 | Fred Donovan | Donovan Networks | Interested in the structure and integrating this as a solution for Fortune 200 web development processes