[OWASP-GUIDE] Guide V2 - A time for action
jpoteet at tech-partners.com
Fri Mar 14 12:17:36 EST 2003
One minor change I would suggest is to swap the order of the Common Problems
and Data Validation chapters. When I was writing them, I took the approach
of Data Validation as the most common issue and then Common Problems became
other common issues not related to data validation. Just a thought.
On 3/14/03 11:03 AM, "Mark Curphey" <mark at curphey.com> wrote:
> Very much the right woman ;-)
> The privacy chapter should be P3P.
> Single Sign On has some privacy issues obviously but I think that is a
> section in its own right as below in Chapter 6.
> I would think we should have the common problems further forward and the
> cryptography section towards the end as well.
> Web Security Architectures (MVC etc)
> Web Application Frameworks (J2EE and .NET)
> Common Problems and How to Mitigate them
> Data Validation
> Authentication (including SAML and Liberty and .NET Passport)
> Access Control, Authorization and Session Management
> Web Services and XML Security
> Event Logging and Monitoring
> Appendix A - Java Examples
> Appendix B PHP Examples
> I may be missing a few things still.
> We have a volunteer for DocBook work. Meet Ray Stirbei. Welcome. Ray,
> Adrian has also volunteered so maybe you guys can work together. You can
> sign up to the owsp-guide at lists.sourceforge.net list off the sourceforge
> On Fri, 2003-03-14 at 08:24, Adrian Wiesmann wrote:
>>> I never have the last word on anything ;-)
>> Married to the wrong woman then? :)
>>> I can see a case for SAML and Liberty and .NET passport being part of a
>>> chapter on SSO / Authentication. I can also see a case for it being part
>>> of web services.
>> I would very much agree on SAML be put in the Web Services Chapter and
>> Liberty and Passport put into a "Privacy" chapter. SAML is about something
>> in XML, which the whole Web Services chapter is all about. The other two
>> are mostly about privacy and authentication which would not really fit in
>>> Does anybody have an idealized list of all Chapter headings or strong
>>> feeling on how things should be laid out?
>> Hmm, haven't we done so lately?
>> The last mail I found was by me :)
>>> 1 - Introduction
>>> 2 - Background
>>> 3 - Thinking about the Problem
>>> 4 - Principles
>>> 13- Privacy
>>> 14- Cryptography
>>> 12- Web Services and XML Security
>>> 5 - Web Security Architectures
>>> 6 - Authentication (including SAML and Liberty)
>>> 8 - Access Control and Authorization
>>> 7 - Session Management
>>> 10- Data Validation
>>> 9 - Event Logging and Monitoring
>>> 11- Common Problems and How to Mitigate them
>>> I tried to get the guide into 4 logical groups. While I am not quite
>>> satisfied with that version above, I think it's a way to try to go on
>>> with. And we definitely would need better names for the 4 logical
>> Let's take this as a starter?
>>> Anybody interested in re-doing the DocBook when the new layout is agreed
>> I could do so but would not burn my hands for it if anybody else would be
>> interested :)