[Owasp-guide] progress
Theo Van Niekerk
theovn.list at gmail.com
Tue Mar 30 17:20:20 EDT 2010
Thanks Mike
It seems like you want to cover quite a lot of detail in each sheet?
Please correct me if I underestimate the task at hand, but I imagined a single but comprehensive worksheet for each of the ASVS items.
I guess I just want to save some paper! For example, once the developer has identified data outputs (all outputs should be untrusted), the appropriate control should be identified and applied. One could put that on the same or separate sheets. Anyway, it's late here in ZA. I'll think about it some more.
It will probably become more clear when the details get filled in.
By the way, do we stick with the ASVS items as if they are cast in stone, or will we adapt and expand later on?
Cheers
Theo
On 30 Mar 2010, at 21:41, Boberski, Michael [USA] wrote:
> Hi Theo. Some quick initial comments:
>
> TOC has broken links;
>
> Worksheets should go on separate wiki pages, e.g.:
>
> OWASP-060x
> +-- OWASP-060x-DG-xx
> +---- Output encoding/escaping worksheet <-- put link to Word template on this page
>
> To help get started on parsing requirements into sections, for 0601, I'd minimally start with something like:
>
> OWASP-0601 Verify that all untrusted data that are output to HTML (including HTML elements, HTML attributes, javascript data values, CSS blocks, and URI attributes) are properly escaped for the applicable context.
> +-- OWASP-0601-DG-01 Identify untrusted HTML data outputs
> +---- Output encoding/escaping worksheet
> +-- OWASP-0601-DG-02 Escape untrusted HTML data outputs
> +---- Build or buy? Security control security check/effect checklist
> +---- Where to use? Solution stack checklist
> +---- How to use? Development team checklist
> +---- See also
>
>
> Best,
>
> Mike B.
>
>
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Theo Van Niekerk
> Sent: Tuesday, March 30, 2010 3:12 PM
> To: owasp-guide at lists.owasp.org
> Cc: Abe
> Subject: [Owasp-guide] progress
>
> Hi Mike
>
>
> I've created the ASVS 6.1 - 6.10 sections on the Wiki. And have committed some worksheets.
> Please see that I'm on the right track.
>
>
> Regards
> Theo
> --
> Theo van Niekerk
> theovn at gmail.com