[Owasp-board] OWASP Cheatsheets

Jim Manico jim.manico at owasp.org
Fri May 29 19:28:31 UTC 2015

Thank you Timo.

The OWASP Cheatsheets series needs a full review before the year is over. 
If anyone is interested in helping with the review, please join the 
project list and give us your comments. I am planning an intense review 
period during July and August, the only months I am home this year. :)

Also, if anyone has super deep expertise on individual topics and would 
like to take on a lead editor role for certain topics, please let me know!

This is a VERY heavily hit portion of OWASP.org and I'd love your help 
to make it better.


- Jim

On 5/29/15 12:29 PM, Timo Goosen wrote:
> I support this initiative.
> I'd like to see some funds allocated to updating the XSS Evasion Cheat 
> Sheet as well as all the other offensive related cheatsheets.
> Attacks are changing all the time and we need to put some money 
> towards having the latest info.
> Regards.
> Timo
> On Thu, May 28, 2015 at 6:00 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>     Some great thoughts and ideas here Matt and I agree with pretty
>     much everything you've said.  IIRC, I think there were challenges
>     with using Meetup as a platform over in APAC (China?) which I
>     think is why it hasn't received a more global adoption.  In
>     general, I do like the idea of a centralized platform for our
>     chapters to organize events in a way where they are easily found
>     by people in other communities.  For example, a search for
>     "security" in Meetup should yield the OWASP meeting in your area.
>     One thing that I also like about Meetup is the open Discussions
>     forums.  I've tried for years now to get a social platform for
>     OWASP that isn't the mailing list. I've spent quite a bit of
>     personal time with the content on http://my.owasp.org, and
>     promoted it a few times, but despite my best efforts, it seems
>     that OWASP very much prefers these old school mailing lists for
>     communication.  It's been a great platform for OWASP Austin, but
>     there's not much activity outside of that, unfortunately.  My
>     ideal would be a scenario where content on the mailing list is
>     sync'd to the discussion forums and vice-versa.  I'm not sure how
>     possible that would be, but it would certainly make these kinds of
>     conversations more available and searchable to those not "in the
>     know".
>     ~josh
>     On Thu, May 28, 2015 at 10:07 AM, Matt Konda <matt.konda at owasp.org> wrote:
>         Hello all,
>         Sorry in advance for the long email.
>         Following up on our meeting and some discussions at AppSecEU,
>         I wanted to think more about the OWASP "platform".  I see one
>         role of the board as working to make it easy for the
>         volunteers and leaders to succeed with their projects, events
>         and community building (chapters).
>         I'm a visual person so I put this presentation together with
>         boxes and colors as a point of reference.  I'm interested in
>         your feedback (comments enabled).  Please be patient with me,
>         this is just a rough idea and is not intended in any way to be
>         a criticism of where we are and what we are doing!!!  I made
>         notes in the notes area to explain my color choices.
>         https://docs.google.com/a/owasp.org/presentation/d/1SLd1BG4TxrN75NqQo8_zKLC8CfhYa8WgfkXx7mcerhU/edit?usp=sharing
>         Getting more concrete, I want to suggest based on this thought
>         process that we invest in Meetup as an organization and hire a
>         technical writer on a 3 month contract basis.
>         Here is the long story of why:
>         I asked one successful project leader what OWASP could do to
>         remove obstacles to success and their answer (paraphrasing)
>         was something like this:
>         "We struggle with:  publicity, documentation and training
>         courses."
>         This made me think that a concrete investment we could make to
>         support projects would be to hire a contract technical writer
>         to help with documentation across projects and the wiki. 
>         Assuming a 3 month, full time gig at a rate of $40 per hour
>         (75th percentile according to this
>         http://www.bls.gov/oes/current/oes273042.htm) would cost
>         approximately 21K.
>         We could build a list of tasks focused on:
>           * Documentation for 3 projects
>           * 10 wiki page updates per week (2 per day based on google
>             analytics top hits)
>         I imagine the person would work closely with the project
>         co-ordinator and community manager.
>         I don't know just what is realistic, but I am interested in
>         exploring ways that we can model and then build a platform of
>         core services that the foundation can provide to support
>         projects, chapters and events - with the goal of making it
>         easier to have success with our volunteers and leaders.
>         What do you think?  One thing that would help me is if we can
>         think about the metrics we wanted to measure in strategic
>         goals and whether these things would move the needle. I
>         haven't gotten there yet, but it seems to make sense...
>         Input appreciated!!!
>         Matt
>         _______________________________________________
>         Owasp-board mailing list
>         Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-board
