[Esapi-user] [Esapi-dev] Call To Arms - Documentation

Jim Manico jim.manico at owasp.org
Mon Nov 22 12:33:26 EST 2010

> Ideally we would migrate this documentation to the (OWASP) wiki.

I think this is a great idea. We have a combo of Google code Wiki, OWASP
Wiki and flat-file documentation. I think centralizing all docs to the OWASP
Wiki - as well as organizing those docs - would go a long way for the

- Jim

-----Original Message-----
From: esapi-dev-bounces at lists.owasp.org
[mailto:esapi-dev-bounces at lists.owasp.org] On Behalf Of Chris Schmidt
Sent: Monday, November 22, 2010 7:07 AM
To: Kevin W. Wall; ESAPI Devs
Cc: ESAPI Users
Subject: Re: [Esapi-dev] [Esapi-user] Call To Arms - Documentation

Responses inline

On 11/22/10 9:53 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

> On 11/22/2010 11:14 AM, Chris Schmidt wrote:
>> Community - 
>> With the impending release of 2.0GA - we need to shift some focus towards
>> getting relevant, up-to-date documentation added to the OWASP Wiki
>> installation, configuration, and use of the ESAPI Libraries. While there
>> a great deal of information already available on the wiki - there is a
>> deal more that needs to be documented as well.
> Chris, so what do we do with all the documentation under the
> directory? Do we xlate that to Wiki format? Or is it sufficient to just
> reference this documentation (from Google Code URLs) via the Wiki?

Ideally we would migrate this documentation to the wiki. Main reason being
that it is easier to compile everything together if we need to publish a
print documentation or create offline documentation than it is to do this
from a variety of locations.

>> Dave Wichers - long time supported and contributer to the ESAPI Project
>> of the wizards behind the curtain if you will) has graciously offered to
>> spearhead this effort and roadmap the documentation sprint leading up to
>> GA release. 
> Dave... thanks for stepping up and volunteering to do this. It will really
> help.

To be clear, Dave has volunteered to roadmap the documentation effort, and
assist with tasks - which is a bit of a daunting task to begin with, so it
will fall to the rest of us (developers) to be there to answer any questions
and provide context to anyone doing documentation.

>> If you have some spare cycles and can contribute anything from a few
>> to a few hours contributing your collective knowledge and experience to
>> using and integrating ESAPI - I am sure that the world and future ESAPI
>> users would be forever indebted to your sacrifice. :)
> Just an FYI... I am finishing up the design doc on ESAPI 2.0 crypto. I'm
> sure that such a document isn't going to be useful for most, but it will
> also provide a bit of a road map of where I intend to go in 2.1 and 3.0
> that some might find interesting. I've already completed a user guide for
> this, so not sure how much more is needed in the area of ESAPI crypto
> documentation.

This is great news and it is imperative that this information be included in
the documentation for the project. This will be extremely useful to anyone
who is a security architect for an application or other decision makers to
get a handle on the ESAPI reference encryptor and make informed decisions
about whether to use it or an adaptation of another provider (ie BC)

Thanks Kevin!

> -kevin

Esapi-dev mailing list
Esapi-dev at lists.owasp.org

More information about the Esapi-user mailing list