[OWASP-GUIDE] Guide V2 - A time for action

Jeremy Poteet jpoteet at tech-partners.com
Fri Mar 14 12:17:36 EST 2003


One minor change I would suggest is to swap the order of the Common Problems
and Data Validation chapters.  When I was writing them, I took the approach
of Data Validation as the most common issue and then Common Problems became
other common issues not related to data validation.  Just a thought.

Jeremy


On 3/14/03 11:03 AM, "Mark Curphey" <mark at curphey.com> wrote:

> Very much the right woman ;-)
> 
> The privacy chapter should be P3P.
> 
> Single Sign On has some privacy issues obviously but I think that is a
> section in its own right as below in Chapter 6.
> 
> I would think we should have the common problems further forward and the
> cryptography section towards the end as well.
> 
> Introduction
> Overview
> Principles
> Web Security Architectures (MVC etc)
> Web Application Frameworks (J2EE and .NET)
> Common Problems and How to Mitigate them
> Data Validation
> Authentication (including SAML and Liberty and .NET Passport)
> Access Control, Authorization and Session Management
> Web Services and XML Security
> Event Logging and Monitoring
> Privacy
> Cryptography
> Appendix A - Java Examples
> Appendix B PHP Examples
> 
> I may be missing a few things still.
> 
> We have a volunteer for DocBook work. Meet Ray Stirbei. Welcome. Ray,
> Adrian has also volunteered so maybe you guys can work together. You can
> sign up to the owsp-guide at lists.sourceforge.net list off the sourceforge
> page.
> 
> 
> 
> On Fri, 2003-03-14 at 08:24, Adrian Wiesmann wrote:
>>> I never have the last word on anything ;-)
>> 
>> Married to the wrong woman then? :)
>> 
>>> I can see a case for SAML and Liberty and .NET passport being part of a
>>> chapter on SSO / Authentication. I can also see a case for it being part
>>> of web services.
>> 
>> I would very much agree on SAML being put in the Web Services chapter and
>> Liberty and Passport put into a "Privacy" chapter. SAML is about something
>> in XML, which the whole Web Services chapter is all about. The other two
>> are mostly about privacy and authentication, which would not really fit in
>> there.
>> 
>>> Does anybody have an idealized list of all Chapter headings or strong
>>> feeling on how things should be laid out?
>> 
>> Hmm, haven't we done so lately?
>> 
>> The last mail I found was by me :)
>> 
>>> Starter
>>> 1 - Introduction
>>> 2 - Background
>>> 3 - Thinking about the Problem
>>> 4 - Principles
>>> Theory
>>> 13- Privacy
>>> 14- Cryptography
>>> 12- Web Services and XML Security
>>> 5 - Web Security Architectures
>>> Practice
>>> 6 - Authentication (including SAML and Liberty)
>>> 8 - Access Control and Authorization
>>> 7 - Session Management
>>> 10- Data Validation
>>> 9 - Event Logging and Monitoring
>>> Summary
>>> 11- Common Problems and How to Mitigate them
>>> 
>>> I tried to get the guide into 4 logical groups. While I am not quite
>>> satisfied with that version above, I think it's a way to try to go on
>>> with. And we definitely would need better names for the 4 logical
>>> groups.
>> 
>> Let's take this as a starter?
>> 
>>> Anybody interested in re-doing the DocBook when the new layout is agreed?
>> 
>> I could do so but would not burn my hands for if anybody else would be
>> interested :)
>> 
>> Regards,
>> Adrian
>> 
>> 