[Owasp-board] (vote request) Fwd: new OWASP book? "OWASP Attacks Reference Guide 2007"

Dinis Cruz dinis at ddplus.net
Mon Dec 3 08:42:02 UTC 2007


Well we could make it as part of their project brief to 'get community'
participation
That would be a win-win situation what do you think?

Dinis

On 12/2/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  I'm all for funding this.  But I think it's important to recognize that
> we shouldn't be funding improvements to the material directly.  Our most
> successful projects (Testing Guide) are where we fund the manager to build a
> team to get things done.  These guys did some nice improvements to the
> attack stuff – but it was just their work.  I think if we had someone
> promote this heavily, we could get a large community of people working on
> this – dwarfing the improvements a small group of individuals could
> accomplish.
>
>
>
> --Jeff
>
>
>
> *From:* owasp-board-bounces at lists.owasp.org [mailto:
> owasp-board-bounces at lists <owasp-board-bounces at lists.owasp.org>.owasp.org<owasp-board-bounces at lists.owasp.org>]
> *On Behalf Of *Dinis Cruz
> *Sent:* Friday, November 30, 2007 6:56 AM
> *To:* OWASP Board
> *Subject:* [Owasp-board] (vote request) Fwd: new OWASP book? "OWASP
> Attacks Reference Guide 2007"
>
>
>
> I agree that this is a terrific idea, and I think we should be proactive
> and allocate 5,000 USD from WoC 08 to these guys to build up these books
> (since I think that there will be more than one)
>
>
>
> In fact we should allocate 5,500 USD with 500 USD in 'OWASP points' to buy
> the 'proof version of the books created'
>
>
>
> Given their past track record (in SpoC 07) I was already going to ask them
> to submit another proposal for WoC 08 (which they would had won since the
> AoC / SpoC / WoC rules are designed to reward people who have previously
> delivered)
>
>
>
> Yes or No?
>
>
>
> Dinis
>
> ---------- Forwarded message ----------
> From: *Leonardo Cavallari Militelli* <leonardocavallari at gmail.com>
> Date: Nov 30, 2007 11:35 AM
> Subject: Re: new OWASP book? "OWASP Attacks Reference Guide 2007"
> To: jeff.williams at owasp.org
> Cc: Przemyslaw Skowron <przemyslaw.skowron at gmail.com>, Dinis Cruz <dinis at ddplus.net
> >
>
> Hello all,
>
> In addition, while I was developing the attack guide I realize that there
> are poor integration of the guides (threats, attacks, vulnerabilities and
> countermeasure) and I was waiting just the end of SPOC and OWASP conferences
> to propose a new project regarding the reviewing,  organization and
> integration of them.
>
> Of course, it won't be possible to us be on charge of
> developing/describing all items in the guide, so the idea is to create a
> to-do list and call OWASP members to contribute in order to get it done
> quickly. Then we could review the contents and compile "the bible"! :)
>
> Jeff and Dinis, let us know your thoughts!
>
> Cheers,
> Leo
>
>
>
>  On Nov 30, 2007 2:57 AM, Jeff Williams < jeff.williams at owasp.org> wrote:
>
> Dinis,
>
> I think this is a ridiculously good idea. Actually I think we could expand
>
> it to cover threats, attacks, and vulnerabilities.  It would be great to
> stir up some interest on the lists by setting a publication date.
>
> I'd like to help, but I don't know all the details of getting the books
> produced. Dinis - what are the steps that have to be done before
> production?
>
> Great idea guys!
>
> --Jeff
>
>
> -----Original Message-----
> From: Przemyslaw Skowron [mailto:przemyslaw.skowron at gmail.com]
> Sent: Thursday, November 29, 2007 5:29 PM
> To: owasp at owasp.org
> Cc: Leonardo Cavallari Militelli
> Subject: new OWASP book? "OWASP Attacks Reference Guide 2007"
>
> Dear Madam/Sir,
>
> We saw on the lulu.com a web page dedicated to OWASP's books
> (http://stores.lulu.com/owasp). We are wondering if it's possible to
> publish a guide titled "OWASP Attacks Reference Guide 2007" ?
>
> The content of this guide would include our work, which we have done
> during the Spring of Code 2007. Detailed information about the project
> you may find here -
> https://www.owasp.org/index.php/SpoC_007_-_Attacks_Reference_Guide_-_Progres
>
> s_Page
> .
>
>  In addition the content would be formated simmilarly to the  "OWASP
> Code Review - 2007 (RC1)" ( http://www.lulu.com/content<http://www.lulu.com/content/1415989>/1415989
> <http://www.lulu.com/content/1415989>). It
> wouldn't be the wiki format for sure.
>
> Of course we don't have any wage expectations. The only thing we ask
> for, is OWASP permission to publish the guide and to provide us with
> template, e.g . OWASP Code Review 2007 (RC1)) :-)
>
> Best regards,
> Leonardo Cavallari Militell and Przemyslaw 'rezos' Skowron.
>
> --
> Przemyslaw Skowron, <przemyslaw.skowron {at} gmail.com>
> Blog: http://pskowron.blogspot.com (Polish)
> Linkedin: http://www.linkedin.com/in <http://www.linkedin.com/in/pskowron>/pskowron
> <http://www.linkedin.com/in/pskowron>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20071203/55c1362f/attachment-0002.html>


More information about the Owasp-board mailing list