Projects/OWASP JAWS Project/Roadmap

From OWASP

"* Next month I was thinking about getting the skeleton ready. This means the accounts/credentials (wiki, ...) followed by the 'official' request to create the project. Once this is done, I would like to make sure the homepage is set up properly, the repository (GIT probably) is set up, we have a system for continuous build/integration, have the account for i18n, IDE, ...

  • From October on I would like to focus on the real development and on adding content.
  • By the end of this year I would like to have 10 working protection samples in the application, fully testable, unit tested and code covered.
  • As soon as the content is 'to the team's opinion' ready to be challenged I would like to go 'live' :-)

The idea is to have a project that runs with as little configuration, setup or rights needed on the system as possible. I want the developers to be able to run it and play with it as fast as possible. As the systems (within a corporate environment) are sometimes locked down, I also don't want them to have to install anything (or as little as possible).

The application would contain a good (protected) page and a bad (broken) page for each of the solutions. The page would contain a very high-level summary of what it is about, why it is important and links to other OWASP projects if applicable (thinking of JAVA project, ASVS, CSRFGuard, Code Snippets, ...) for more info and further reading.

At a later stage, I would like to introduce for each of the given solutions an architectural background so a developer could challenge whether the solution is the right fit for his/her problem and make a well-considered choice from the solutions. Some security problems may require a slightly different approach based on the architecture of the application or any restrictions from a corporate/project point of view (e.g. a team may decide not to use any beta solutions or solutions that conflict with other in-place frameworks, ...).

These are my ideas at the moment, but of course based on the input from contributors and feedback from the community, some stuff may change."