[Owasp-board] (vote request) Fwd: new OWASP book? "OWASP Attacks Reference Guide 2007"

Jeff Williams jeff.williams at owasp.org
Sun Dec 2 21:25:28 UTC 2007

I'm all for funding this.  But I think it's important to recognize that we
shouldn't be funding improvements to the material directly.  Our most
successful projects (Testing Guide) are where we fund the manager to build a
team to get things done.  These guys did some nice improvements to the
attack stuff - but it was just their work.  I think if we had someone
promote this heavily, we could get a large community of people working on
this - dwarfing the improvements a small group of individuals could




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Friday, November 30, 2007 6:56 AM
To: OWASP Board
Subject: [Owasp-board] (vote request) Fwd: new OWASP book? "OWASP Attacks
Reference Guide 2007"


I agree that this is a terrific idea, and I think we should be proactive and
allocate 5,000 USD from WoC 08 to these guys to build up these books (since
I think that there will be more than one)


In fact we should allocate 5,500 USD with 500 USD in 'OWASP points' to buy
the 'proof version of the books created'


Given their past track record (in SpoC 07) I was already going to ask them
to submit another proposal for WoC 08 (which they would have won since the
AoC / SpoC / WoC rules are designed to reward people who have previously


Yes or No? 



---------- Forwarded message ----------
From: Leonardo Cavallari Militelli <leonardocavallari at gmail.com>
Date: Nov 30, 2007 11:35 AM
Subject: Re: new OWASP book? "OWASP Attacks Reference Guide 2007" 
To: jeff.williams at owasp.org
Cc: Przemyslaw Skowron <przemyslaw.skowron at gmail.com>, Dinis Cruz <dinis at ddplus.net>

Hello all,

In addition, while I was developing the attack guide I realized that there
is poor integration of the guides (threats, attacks, vulnerabilities and
countermeasures) and I was just waiting for the end of the SPOC and OWASP
conferences to propose a new project regarding the reviewing, organization and
integration of them.

Of course, it won't be possible for us to be in charge of developing/describing
all items in the guide, so the idea is to create a to-do list and call OWASP
members to contribute in order to get it done quickly. Then we could review
the contents and compile "the bible"! :) 

Jeff and Dinis, let us know your thoughts!


On Nov 30, 2007 2:57 AM, Jeff Williams <jeff.williams at owasp.org> wrote:


I think this is a ridiculously good idea. Actually I think we could expand 
it to cover threats, attacks, and vulnerabilities.  It would be great to
stir up some interest on the lists by setting a publication date.

I'd like to help, but I don't know all the details of getting the books 
produced. Dinis - what are the steps that have to be done before production?

Great idea guys!


-----Original Message-----
From: Przemyslaw Skowron [mailto:przemyslaw.skowron at gmail.com]
Sent: Thursday, November 29, 2007 5:29 PM 
To: owasp at owasp.org
Cc: Leonardo Cavallari Militelli
Subject: new OWASP book? "OWASP Attacks Reference Guide 2007"

Dear Madam/Sir,

We saw on lulu.com a web page dedicated to OWASP's books
(http://stores.lulu.com/owasp). We are wondering if it's possible to
publish a guide titled "OWASP Attacks Reference Guide 2007"?

The content of this guide would include our work, which we have done 
during the Spring of Code 2007. Detailed information about the project
you may find here -


In addition the content would be formatted similarly to the "OWASP
Code Review - 2007 (RC1)" (http://www.lulu.com/content/1415989). It
wouldn't be the wiki format for sure.

Of course we don't have any wage expectations. The only thing we ask
for is OWASP permission to publish the guide and to provide us with a
template (e.g. OWASP Code Review 2007 (RC1)) :-)

Best regards,
Leonardo Cavallari Militelli and Przemyslaw 'rezos' Skowron.

Przemyslaw Skowron, <przemyslaw.skowron {at} gmail.com>
Blog: http://pskowron.blogspot.com (Polish)
Linkedin: http://www.linkedin.com/in/pskowron


