[OWASP-LEADERS] Project Updates
michael at schmuhl.org
Thu Dec 12 14:12:55 EST 2002
After much discussion, we've finally figured out what we want out of the
encyclopedia. For information, I'll paste the first page detailing its
reason for existing at the bottom of this message.

Our biggest hurdle now is the fact that we're not writers, which makes
much of the work quite tedious. Notwithstanding, we're committed to
having a first version available for the launch of the new site at the
end of January.

The first whack will be lacking many useful entries, but the form and
core will be there. We're hoping (as with the ASAC) to get many entries
provided by others who want to contribute/see their name in print.

The primary purpose of this encyclopedia is to establish a common
nomenclature of terms related to attacks carried out against web-based
applications, where the term web-based is defined as being based on the
HTTP protocol, as opposed to other TCP/IP- or internet-based applications.

A secondary purpose is to provide information with the intent of
educating those wishing to learn more of the aspects of web (or
web-based) application security. In this capacity, this document
replaces the original Application Security Attack Components (ASAC).

Terms and discussions found herein are weighed specifically towards web
application security. Many attack methods useful against web
applications that are not of great concern for web application
developers will not be given as much attention as those that cause more
critical exposure or are more commonly exploited.

What it isn't

This encyclopedia is not a dictionary of terms. A cross-referenced
dictionary of all terms used in the context of web application security
would not help achieve the primary purpose of this document.

This encyclopedia is neither a tutorial nor a definitive discussion of
web application security concepts. Where possible, links will be
provided to such documents, but maintaining authoritative expositions of
every type of attack (or the components thereof) used against web
applications is beyond the scope of this document.

This encyclopedia is not a teaching tool for securing web applications
against attack. For this, please refer to the OWASP Guide to Building
Secure Web Applications.

Mark Curphey wrote:
> I wondered if all project leaders can share a brief update with everyone
> on their project's status, hurdles, successes, plans etc.