[OWASP-GUIDE] Guide V2 - A time for action

Mark Curphey mark at curphey.com
Fri Mar 14 12:03:24 EST 2003


Very much the right woman ;-)

The privacy chapter should be P3P.

Single Sign On has some privacy issues obviously but I think that is a
section in its own right as below in Chapter 6.

I would think we should have the common problems further forward and the
cryptography section towards the end as well.

Introduction
Overview
Principles
Web Security Architectures (MVC etc)
Web Application Frameworks (J2EE and .NET)
Common Problems and How to Mitigate them
Data Validation
Authentication (including SAML and Liberty and .NET Passport)
Access Control, Authorization and Session Management
Web Services and XML Security
Event Logging and Monitoring
Privacy
Cryptography
Appendix A - Java Examples
Appendix B - PHP Examples

I may be missing a few things still.

We have a volunteer for DocBook work. Meet Ray Stirbei. Welcome. Ray,
Adrian has also volunteered so maybe you guys can work together. You can
sign up to the owasp-guide at lists.sourceforge.net list off the sourceforge
page.



On Fri, 2003-03-14 at 08:24, Adrian Wiesmann wrote:
> > I never have the last word on anything ;-)
> 
> Married to the wrong woman then? :)
> 
> > I can see a case for SAML and Liberty and .NET passport being part of a
> > chapter on SSO / Authentication. I can also see a case for it being part
> > of web services.
> 
> I would very much agree on SAML being put in the Web Services Chapter and
> Liberty and Passport put into a "Privacy" chapter. SAML is about something
> in XML, which the whole Web Services chapter is all about. The other two
> are mostly about privacy and authentication which would not really fit in
> there.
> 
> > Does anybody have an idealized list of all Chapter headings or strong
> > feeling on how things should be laid out ?
> 
> Hmm haven't we done so lately?
> 
> The last mail I found was by me :)
> 
> > Starter
> > 1 - Introduction
> > 2 - Background
> > 3 - Thinking about the Problem
> > 4 - Principles
> > Theory
> > 13- Privacy
> > 14- Cryptography
> > 12- Web Services and XML Security
> > 5 - Web Security Architectures
> > Practice
> > 6 - Authentication (including SAML and Liberty)
> > 8 - Access Control and Authorization
> > 7 - Session Management
> > 10- Data Validation
> > 9 - Event Logging and Monitoring
> > Summary
> > 11- Common Problems and How to Mitigate them
> > 
> > I tried to get the guide into 4 logical groups. While I am not quite
> > satisfied with that version above, I think it's a way to try to go on
> > with. And we definitely would need better names for the 4 logical
> > groups.
> 
> Let's take this as a starter?
> 
> > Anybody interested in re-doing the DocBook when the new layout is agreed
> > ?
> 
> I could do so but would not burn my hands for it if anybody else would be
> interested :)
> 
> Regards,
> Adrian
> 
> 
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-guide
-- 
Mark Curphey <mark at curphey.com>