[Owasp-codereview] Looking for "cheat sheet" authors

Boberski, Michael [USA] boberski_michael at bah.com
Wed Mar 31 15:11:57 EDT 2010


Current and aspiring cheat sheet authors:

The development guide project wants YOU!

It recently occurred to me that the rise of cheat sheets reflects a need to have an updated development guide, for which work has recently begun.

I think the development guide is the right place for cheat sheet info to be. They otherwise are kind of random unrated content. Absolutely awesome new content, but unrated (with respect to OWASP project criteria) and disorganized. Putting these in the Guide will centralize them, and make them easy to find, as well as easy to find related content. The structure of the Guide would also provide a "roadmap" for developing additional cheat sheet content (really, Guide content) for those who are interested in contributing such awesome content.

Please see below for more details. Please consider contributing new cheat sheets directly to the guide project. Here is the current annotated outline, in wiki format: http://code.google.com/p/owasp-development-guide/wiki/Guide

Best,

Mike B.

From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
Sent: Wednesday, March 31, 2010 2:37 PM
To: owasp-guide at lists.owasp.org
Subject: [Owasp-guide] Outline revised to include "cheat sheet" sections
Importance: High

Hi,

FYI, I've revised the input validation guidelines outline to reflect a revised outline structure which should then be reflected across the other guidelines sections:

# OWASP-0500 Input Validation

    * OWASP-0502 Verify that a positive validation pattern is defined and applied to all input.
          o OWASP-0502-DG-01 Define a positive validation pattern for all input
                + Worksheet <-- please note the shorter title
          o OWASP-0502-DG-02 Apply a positive validation pattern to all input
                + Build or buy? <-- please note the shorter title
                + Cheat sheet <-- the two existing sections were collapsed into one new one
                + See also

So, we have "worksheets" and "cheat sheets", but no more "checklists" which hadn't yet been defined in more detail. Accordingly, in SVN, I renamed the checklist directory "cheat_sheets" and renamed the one placeholder/sample "owasp-guide-0500-input-validation-cheat-sheet.doc".

For those lucky few who are working on sections for which corresponding cheat sheets exist, you've just written a section, cut-paste that text over!! Please make sure to keep the attribution intact (i.e. right now just cut-paste the whole thing for each cheat sheet), we'll consolidate attribution information later on.

Note that these sections didn't really go away, if you read the cheat sheets, you'll see that they provide advice where and how to use controls, just in an all-in-one kinda format. The build/buy sections also persist, it's important to have tables in these sections that summarize/clearly state what's expected in terms of security checks/effects.

Best,

Mike B.
