OWASP Working Session Enterprise Security API Project
|Working Sessions Operational Rules - Please see here the general frame of rules.|
|WORKING SESSION IDENTIFICATION|
|Work Session Name||OWASP Enterprise Security API Project|
|Short Work Session Description||In this working session we will consider all aspects of the Enterprise Security API project. The goal of the project is to simplify security for developers to make secure code more likely. To achieve this goal we define clean intuitive APIs for standard security functionality. Ideally, these APIs will cover common security controls across web applications, web services, and even rich client applications. This working session will review the state of the project, discuss technical issues, discuss "marketing" of the project, prioritize project work items, and browbeat attendees into joining the project and making the world a safer place.|
|Related Projects (if any)|
|Email Contacts & Roles||Chair
|WORKING SESSION SPECIFICS|
Introduce everyone to the idea and cost-benefits of an ESAPI.
OWASP EU Summit Portugal 2008
November 5, 2008
"Participants + Attendees"
|WORKING SESSION OPERATIONAL RESOURCES|
|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.|
|WORKING SESSION ADDITIONAL DETAILS|
|Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.|
|WORKING SESSION OUTCOMES|
|Statements, Initiatives or Decisions||Proposed by Working Group||Approved by OWASP Board|
|A volunteer to lead the 'marketing' campaign for ESAPI.||After the Board Meeting - fill in here.|
|Prioritized list of marketing ideas for the ESAPI concept.||After the Board Meeting - fill in here.|
|Prioritized list of ideas for improving the API.||After the Board Meeting - fill in here.|
|Video||After the Board Meeting - fill in here.|
Working Session Participants
|WORKING SESSION PARTICIPANTS|
|Name||Company||Notes & reason for participating, issues to be discussed/addressed|
|1||Matt Tesauro||OWASP Live CD Project Lead||Curious about how various "ports" should be handled (lang != Java). Run them as separate projects or sub-projects. How are they synchronized, if at all? What state are they in? How bad will the browbeating be?|
|2||Andrea Cogliati||OWASP Rochester, NY||Interested in porting to other platforms (Ruby&Rails) and in integration issues with existing frameworks (Struts, Spring, ...)|
|3||Alex Smolen||Foundstone||Author and Project Leader for .NET ESAPI|
|4||Kuai Hinojosa||New York University||Interested in ESAPI for PHP and how to best implement the ESAPI.|
|5||Fred Donovan||Donovan Networks||Interested in the structure and integrating this as a solution for Fortune 200 web development processes|