[GPC] Swingset Redux

Paulo Coimbra paulo.coimbra at owasp.org
Tue Jun 22 11:48:55 EDT 2010

Hello Fabio,

First of all, thank you for volunteering to lead an OWASP Project.  It is
with volunteers like yourself that OWASP continues to succeed in making
application security visible.

Second, regarding your new leadership of this project, I'd like to request
that you send a project roadmap - basically the high level details of where
you'd like to take the project.  The OWASP Global Projects Committee (GPC)
will look at the roadmap and provide feedback on your project:  suggesting
projects which are closely related, resources and contacts which may assist
your efforts and any other suggestions to increase your project's success.


To get your project started, here are a couple of references for your

 - The Guidelines for OWASP Projects provide a quick overview of items key
to a projects success -

 - OWASP's Assessment Criteria is the metric by which projects are
evaluated.  There are three categories for projects: Alpha, Beta, and
Release.  The Assessment Criteria allows project leaders to know what
aspects of projects OWASP values -


 - OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,

Your project will have an OWASP wiki page to inform and promote your project
to the OWASP community.  To setup your project's page, please provide the
details below so that the GPC can establish your initial project page.  The
details provided will be used to complete OWASP's project template.  Feel
free to add any additional information to wiki page or request assistance
about how to add to your projects wiki page.

Details to create your project page:
(0) Project Name,

(1) Project purpose / overview,
(2) Project Roadmap (as mentioned above),
(3) Project links (if any) to external sites,
(4) Project License
(5) Project Leader name, 

(6) Project Leader email address,
(7) Project Leader wiki account - the username (you'll need this to edit the
(8) Project Maintainer (if any)  - name, email and wiki account (if any),
(9) Project Contributor(s) (if any) - name email and wiki account (if any),

As your project reaches a point that you'd like OWASP to assist in its
promotion, the GPC will need the following to help spread the word about
your project:

 * Conference style presentation describing the project in at least 3 slides

 * Project Flyer/Pamphlet (PDF file) -

As work on your project progresses and you are ready to create a release,
please let the GPC know of the change in status.  The GPC can work with you
to get your project assessed and moved up the OWASP quality ladder from
Alpha to Beta to Stable.  Every release does not require an assessment -
feel free to email the GPC if you are unsure about your project's
requirements.  For examples of projects at various quality levels, please
see the OWASP Project page -

That is all for now - I wish you and your project great success.  Thank you
for supporting OWASP's mission.

Should you have any questions or require any further information, please do
not hesitate to contact me. 

Many thanks, best regards,


Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager



From: Jeff Williams [mailto:jeff.williams at owasp.org] 
Sent: terça-feira, 22 de Junho de 2010 16:10
To: fabio.e.cerullo at aib.ie; dave.wichers at owasp.org; 'Paulo Coimbra'
Cc: Cathal.P.Courtney at aib.ie
Subject: RE: Swingset Redux


Hi Fabio,


Thank you and Cathal so much. This is very exciting. Ideally, I’d like to
set this up as a separate repository at GoogleCode.  We should also set up a
wiki page on the OWASP wiki and link it into the main page on ESAPI as well.
For distribution, we can simply upload a zip file to the OWASP wiki for now.
Perhaps later when the Google Code repository is set up we can serve it
right from there.   If you need help on any of this, please just let me


So for now, could we start a wiki page at OWASP and upload the zip file and
instructions there?  Then I can download and test.


Thank you!




Jeff Williams, Chair

The OWASP Foundation

work: 410-707-1487

main: 301-604-4882


From: fabio.e.cerullo at aib.ie [mailto:fabio.e.cerullo at aib.ie] 
Sent: Tuesday, June 22, 2010 10:22 AM
To: jeff.williams at owasp.org; dave.wichers at owasp.org
Cc: Cathal.P.Courtney at aib.ie
Subject: Swingset Redux



As promised, Cathal & myself have been working in a 'customized' version of
Swingset which allows you to not only see how application vulnerabilities
could be remediated by implementing ESAPI, but also enable users to play
with the code and fix these vulnerabilities themselves. 

For each lesson we have included: 

- Introduction 
- Exercise 
- Solution 

There is also an installation guide to set up Eclise, Swingset & ESAPI so
everything works together. 

Could you please let me know a code repository where we could copy this for
your review? 

Thank you, 

Fabio Cerullo
Divisional Information Security 
Bankcentre D1, 
Dublin 4,

Tel: +353 1 772 6309
Email: fabio.e.cerullo at aib.ie

This document is strictly confidential and is intended for use by the
addressee unless otherwise indicated.
This email has been scanned by an external email security system.
Allied Irish Banks
AIB and AIB Group are registered business names of Allied Irish Banks p.l.c.
Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.
Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311;
Registered in Ireland: Registered No. 24173
Please consider the environment before printing this e-mail. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20100622/46432905/attachment.html 

More information about the Global-projects-committee mailing list