[OWASP-LEADERS] Project Updates

Michael Schmuhl michael at schmuhl.org
Thu Dec 12 14:12:55 EST 2002


After much discussion, we've finally figured out what we want out of the 
encyclopedia.  For information, I'll paste the first page detailing its 
reason for existing at the bottom of this message.

Our biggest hurdle now is the fact that we're not writers, which makes 
much of the work quite tedious.  Notwithstanding, we're committed to 
having a first version available for the launch of the new site at the 
end of January.

The first whack will be lacking many useful entries, but the form and 
core will be there.  We're hoping (as with the ASAC) to get many entries 
provided by others who want to contribute/see their name in print.



Purpose

The primary purpose of this encyclopedia is to establish a common 
nomenclature of terms related to attacks carried out against web-based 
applications, where the term web-based is defined as being based on the 
HTTP protocol, as opposed to other TCP/IP- or internet-based applications.

A secondary purpose is to provide information with the intent of 
educating those wishing to learn more of the aspects of web (or 
web-based) application security.  In this capacity, this document 
replaces the original Application Security Attack Components (ASAC) 
collection.

Terms and discussions found herein are weighted specifically towards web 
application security.  Many attack methods useful against web 
applications that are not of great concern for web application 
developers will not be given as much attention as those that cause more 
critical exposure or are more commonly exploited.


What it isn't

This encyclopedia is not a dictionary of terms.  A cross-referenced 
dictionary of all terms used in the context of web application security 
would not help achieve the primary purpose of this document.

This encyclopedia is neither a tutorial nor a definitive discussion of 
web application security concepts.  Where possible, links will be 
provided to such documents, but maintaining authoritative expositions of 
every type of attack (or the components thereof) used against web 
applications is beyond the scope of this document.

This encyclopedia is not a teaching tool for securing web applications 
against attack.  For this, please refer to the OWASP Guide to Building 
Secure Web Applications.




Mark Curphey wrote:
> Hi
> 
> I wondered if all project leaders can share a brief update with everyone
> on their project's status, hurdles, successes, plans, etc.
> 
> Cheers
> 
> Mark