[Esapi-user] [Documentation sprint] New section "Using ESAPI to meet DISA STIG requirements"
Boberski, Michael [USA]
boberski_michael at bah.com
Thu May 13 16:01:54 EDT 2010
FYI, I've added what amounts to an annotated outline to section "Using ESAPI to meet DISA STIG requirements" to the Google Code wiki, here: http://code.google.com/p/owasp-esapi-java/wiki/esapi4java_v2_DISA
Any thoughts or suggestions for improvement would be welcome. Perhaps, for example, "Extend your common security control library each development cycle" should instead be "Extend use of your common security control library each development cycle" so that's not specific to using an adapter in the sense described in step 1. It's geared towards existing applications and applications that are far along in their development cycles. I'll be poking away at this further in the days to come; it's just a quick first cut, and some of the mappings are a little wacky.
Ultimately there should be sub-pages that get down to code, as with the section "Using ESAPI to meet OWASP ASVS requirements". Compared to ASVS though, I think the STIG is just too big and too much of a jumble of types of requirements not to try to wrap some process/guidance around, before getting down to code.
Help me help the US DoD understand how they can use ESAPI. The STIG already references OWASP in many instances, so let's help 'em out a little more, with this.
Thanks in advance,