[Owasp-board] new OWASP book? "OWASP Attacks Reference Guide 2007"

Dinis Cruz dinis at ddplus.net
Thu Dec 13 00:46:27 UTC 2007


Sorry for the delay in responding to your emails.
We actually had a couple of internal threads following your email, but somehow
we missed the bit where we told you about our thoughts  :(

As Jeff responded, we love your idea and following your successful
participation in SpoC we can move forward a bit quicker, and offer you a
5,000 sponsorship (instead of you having to apply to the next initiative
(WoC - Winter of Code 08)).

Regarding publishing, I would like to do this in multiple stages, with a
first version (i.e. book) created asap with the relevant contents from the
OWASP website as they exist today (basically what is there now).

This 'book' would already be a great asset, but also would be used by the
project contributors during their review process (for example I much prefer
to review text on a book than on a screen).

Back to your project: The idea would be to normalize (i.e. 'clean') all that
information that is out there, and add new material where necessary (see the
Honeycomb project)

*Moving forward, what we need from you is a project plan where you commit to
what you can deliver by the 1st of April.*

Thanks for your energy :)  and sorry again for this delay.

Dinis

On 12/12/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Hi Leonardo,
>
>
>
> We all think this is a fantastic idea.  Actually I'm upset I didn't think
> to publish this a long time ago.  But I'd like to expand the scope of the
> project beyond just attacks.  I'd like to publish the whole Honeycomb
> project in a kind of "encyclopedia" of application security.  I'd like to
> set a date and put out a call for volunteers to help review, revise, update,
> add, delete, categorize, and organize the information.
>
>
>
> If you want to just take on the attacks part and get that published as a
> book – please work with Dinis on that.  If you're willing to take on the
> bigger project and help us get the whole encyclopedia created, we're willing
> to fund that effort with a $5,000 grant.  This project would involve setting
> some standards, recruiting people to take responsibility for parts of the
> document, and managing it to completion by some date, say April 1.
>
>
>
> Thanks – and please let us know what you'd like to do.
>
>
>
> --Jeff
>
>
>
> *From:* Leonardo Cavallari Militelli [mailto:leonardocavallari at gmail.com]
> *Sent:* Tuesday, December 11, 2007 11:34 AM
> *To:* jeff.williams at owasp.org
> *Cc:* Przemyslaw Skowron; Dinis Cruz
> *Subject:* Re: new OWASP book? "OWASP Attacks Reference Guide 2007"
>
>
>
> Hello Jeff and Dinis,
>
> Busy time, hã?! :)
>
> Can we have any details regarding the following ideas?
> We are really willing to put all that in practice.
>
> Best wishes,
> Leo
>
> On Nov 30, 2007 9:35 AM, Leonardo Cavallari Militelli <
> leonardocavallari at gmail.com> wrote:
>
> Hello all,
>
> In addition, while I was developing the attack guide I realized that there
> is poor integration of the guides (threats, attacks, vulnerabilities and
> countermeasures) and I was waiting just for the end of SPOC and OWASP conferences
> to propose a new project regarding the reviewing, organization and
> integration of them.
>
> Of course, it won't be possible for us to be in charge of
> developing/describing all items in the guide, so the idea is to create a
> to-do list and call on OWASP members to contribute in order to get it done
> quickly. Then we could review the contents and compile "the bible"! :)
>
> Jeff and Dinis, let us know your thoughts!
>
> Cheers,
> Leo
>
>
>
>  On Nov 30, 2007 2:57 AM, Jeff Williams < jeff.williams at owasp.org> wrote:
>
> Dinis,
>
> I think this is a ridiculously good idea. Actually I think we could expand
> it to cover threats, attacks, and vulnerabilities.  It would be great to
> stir up some interest on the lists by setting a publication date.
>
> I'd like to help, but I don't know all the details of getting the books
> produced. Dinis - what are the steps that have to be done before
> production?
>
> Great idea guys!
>
> --Jeff
>
>
> -----Original Message-----
> From: Przemyslaw Skowron [mailto:przemyslaw.skowron at gmail.com]
> Sent: Thursday, November 29, 2007 5:29 PM
> To: owasp at owasp.org
> Cc: Leonardo Cavallari Militelli
> Subject: new OWASP book? "OWASP Attacks Reference Guide 2007"
>
> Dear Madam/Sir,
>
> We saw on lulu.com a web page dedicated to OWASP's books
> (http://stores.lulu.com/owasp). We are wondering if it's possible to
> publish a guide titled "OWASP Attacks Reference Guide 2007"?
>
> The content of this guide would include our work, which we have done
> during the Spring of Code 2007. Detailed information about the project
> you may find here -
> https://www.owasp.org/index.php/SpoC_007_-_Attacks_Reference_Guide_-_Progress_Page
>
> In addition, the content would be formatted similarly to the "OWASP
> Code Review - 2007 (RC1)" (http://www.lulu.com/content/1415989). It
> wouldn't be the wiki format for sure.
>
> Of course we don't have any wage expectations. The only thing we ask
> for is OWASP permission to publish the guide and to provide us with
> a template, e.g. OWASP Code Review 2007 (RC1) :-)
>
> Best regards,
> Leonardo Cavallari Militelli and Przemyslaw 'rezos' Skowron.
>
> --
> Przemyslaw Skowron, <przemyslaw.skowron {at} gmail.com>
> Blog: http://pskowron.blogspot.com (Polish)
> Linkedin: http://www.linkedin.com/in/pskowron
>
>
>
>
>