[OWASP-LEADERS] Project Updates

Mark Curphey mark at curphey.com
Fri Dec 13 00:20:05 EST 2002 

Thanks. I am helping Alex with the Guide Release 2.0 so he can
concentrate on Filters. We have some great new authors and exciting new
content. 

Essentially the plan is for Release 2.0 to coincide with the portal
release. Quite a bit of new content including frameworks (.NET and
J2EE), some language specific content (Java and PHP), Architecture (MVC
etc), web services (SAML etc) and SSO (Liberty and .NET passport).

We are also concentrating heavily on quality and many sections will get
a thorough re-write. We are also going to have code examples where
appropriate.

I am really excited.



On Thu, 2002-12-12 at 11:12, Michael Schmuhl wrote:
> After much discussion, we've finally figured out what we want out of the 
> encyclopedia.  For information, I'll paste the first page detailing its 
> reason for existing at the bottom of this message.
> 
> Our biggest hurdle now is the fact that we're not writers, which makes 
> much of the work quite tedious.  Notwithstanding, we're committed to 
> having a first version available for the launch of the new site in the 
> end of January.
> 
> The first whack will be lacking many useful entries, but the form and 
> core will be there.  We're hoping (as with the ASAC) to get many entries 
> provided by others who want to contribute/see their name in print.
> 
> 
> 
> Purpose
> 
> The primary purpose of this encyclopedia is to establish a common 
> nomenclature of terms related to attacks carried out against web-based 
> applications, where the term web-based is defined as being based on the 
> HTTP protocol, as opposed to other TCP/IP- or internet-based applications.
> 
> A secondary purpose is to provide information with the intent of 
> educating those wishing to learn more of the aspects of web (or 
> web-based) application security.  In this capacity, this document 
> replaces the original Application Security Attack Components (ASAC) 
> collection.
> 
> Terms and discussions found herein are weighed specifically towards web 
> application security.  Many attack methods useful against web 
> applications that are not of great concern for web application 
> developers will not be given as much attention as those that cause more 
> critical exposure or are more commonly exploited.
> 
> 
> What it isn't
> 
> This encyclopedia is not a dictionary of terms.  A cross-referenced 
> dictionary of all terms used in the context of web application security 
> would not help achieve the primary purpose of this document.
> 
> This encyclopedia is neither a tutorial nor a definitive discussion of 
> web application security concepts.  Where possible, links will be 
> provided to such documents, but maintaining authoritative expositions of 
> every type of attack (or the components thereof) used against web 
> applications is beyond the scope of this document.
> 
> This encyclopedia is not a teaching tool for securing web applications 
> against attack.  For this, please refer to the OWASP Guide to Building 
> Secure Web Applications.
> 
> 
> 
> 
> Mark Curphey wrote:
> > Hi
> > 
> > I wondered if all project leaders can share a brief update with everyone
> > on their projects status, hurdles, successes, plans etc
> > 
> > Cheers
> > 
> > Mark
> > 
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by:
> > With Great Power, Comes Great Responsibility 
> > Learn to use your power at OSDN's High Performance Computing Channel
> > http://hpc.devchannel.org/
> > _______________________________________________
> > Owasp-leaders mailing list
> > Owasp-leaders at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-leaders
> > 
> > 
> 
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Owasp-leaders mailing list
> Owasp-leaders at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-leaders
>

More information about the OWASP-Leaders mailing list