[OWASP-ESAPI] Standardizing ESAPI Toolkit Tab Information

Boberski, Michael [USA] boberski_michael at bah.com
Tue Mar 17 09:50:41 EDT 2009


Jeff, towards the end of promoting the use of ESAPI which I'm now doing
in addition to promoting the use of ASVS, I propose standardizing the
information that appears on each version's tab. The goal is to further
productize each toolkit, to further facilitate their adoption by
development teams.

I propose each ESAPI project page tab should contain two main sections:
a readme and a release notes. I propose each section have the contents
below. Alternatively, each could (or perhaps should?) be separate
downloadable readme and a release notes files.

Please let me know if the below looks ok, or if there are any proposed
changes. I can then go and update the tabs or create separate
downloadable readme and a release notes files, whichever ends up looking
better or if you have guidance on that. 

Mike B.


----
'''OWASP ESAPI - PHP Edition ReadMe'''
Release <version>

Document issue: <version>
<Month> <Year>

This document provides information about the PHP Edition of OWASP ESAPI.
The topics below cover system requirements, additional product
information, and application notes. 

For information about the new features of this release, known issues,
resolved issues, and limitations, refer to the Release notes.

System Requirements

Any webserver that has approximately six megabytes of available disk
space, and properly supports PHP, such as Apache or Internet Information
Services (IIS). The following is required to be installed on the server:

PHP 4.1.0 or higher. The following are required to be set correctly in
your php.ini file:

* <setting> must be <value>
* <setting> must be <value>
* <setting> must be <value>

Other Requirements

<identify other requirements here, e.g. use of a reference
implementation, or e.g. the need to develop implementations for
interfaces>

Server Recommendations

These are not required, but may be beneficial to your ESAPI install and
enable you to use more functions.

* <operating system, and/or application server, etc.>
* <operating system, and/or application server, etc.>
* <operating system, and/or application server, etc.>
* PHP 5.2.0 or higher, with the following set in your php.ini file:
** <setting> must be <value>
** <setting> must be <value>
** <setting> must be <value>

Obtaining the PHP Edition of OWASP ESAPI

You can download the latest release of the PHP Edition of OWASP ESAPI
from the Google Code download page <download page uRL>

When you unzip the package, make sure that you keep the directory
structure.

----
'''OWASP ESAPI - PHP Edition Release Notes'''
Release <version>

Document issue: <version>
<Month> <Year>

Welcome to the PHP Edition of OWASP ESAPI <version>

This document provides information about PHP Edition of OWASP ESAPI
<version>. Browse through the topics below to find out about new
features, known issues and limitations for this release.

Information specific to the changes in this release are captured in this
document set. For all other information and for feature details, see the
ESAPI <version> programming manual.

New features

This release includes the following new features:

* <1-2 sentence feature description>
* <1-2 sentence feature description>
* <1-2 sentence feature description>

Fixed in this release

* <1-2 sentence fix description>
* <1-2 sentence fix description>
* <1-2 sentence fix description>

Known issues

* <1-2 sentence known issue description>
* <1-2 sentence known issue description>
* <1-2 sentence known issue description>

Upgrading from <earlier version>

<necessary guidance/instructions e.g. what files to copy over>


More information about the OWASP-ESAPI mailing list