[OWASP-GUIDE] Guide V2 - A time for action

Mark Curphey mark at curphey.com
Fri Mar 14 13:14:13 EST 2003


Makes sense to me.

On Fri, 2003-03-14 at 09:17, Jeremy Poteet wrote:
> One minor change I would suggest is to swap the order of the Common Problems
> and Data Validation chapters.  When I was writing them, I took the approach
> of Data Validation as the most common issue and then Common Problems became
> other common issues not related to data validation.  Just a thought.
> 
> Jeremy
> 
> 
> On 3/14/03 11:03 AM, "Mark Curphey" <mark at curphey.com> wrote:
> 
> > Very much the right woman ;-)
> > 
> > The privacy chapter should be P3P.
> > 
> > Single Sign On has some privacy issues obviously but I think that is a
> > section in its own right as below in Chapter 6.
> > 
> > I would think we should have the common problems further forward and the
> > cryptography section towards the end as well.
> > 
> > Introduction
> > Overview
> > Principles
> > Web Security Architectures (MVC etc)
> > Web Application Frameworks (J2EE and .NET)
> > Common Problems and How to Mitigate them
> > Data Validation
> > Authentication (including SAML and Liberty and .NET Passport)
> > Access Control, Authorization and Session Management
> > Web Services and XML Security
> > Event Logging and Monitoring
> > Privacy
> > Cryptography
> > Appendix A - Java Examples
> > Appendix B PHP Examples
> > 
> > I may be missing a few things still.
> > 
> > We have a volunteer for DocBook work. Meet Ray Stirbei. Welcome. Ray,
> > Adrian has also volunteered so maybe you guys can work together. You can
> > sign up to the owsp-guide at lists.sourceforge.net list off the sourceforge
> > page.
> > 
> > 
> > 
> > On Fri, 2003-03-14 at 08:24, Adrian Wiesmann wrote:
> >>> I never have the last word on anything ;-)
> >> 
> >> Married to the wrong woman then? :)
> >> 
> >>> I can see a case for SAML and Liberty and .NET passport being part of a
> >>> chapter on SSO / Authentication. I can also see a case for it being part
> >>> of web services.
> >> 
> >> I would very much agree on SAML be put in the Web Services Chapter and
> >> Liberty and Passport put into a "Privacy" chapter. SAML is about something
> >> in XML, which the whole Web Services chapter is all about. The other two
> >> are mostly about privacy and authentication which would not really fit in
> >> there.
> >> 
> >>> Does anybody have an idealized list of all Chapter headings or strong
> >>> feeling n how things should be laid out ?
> >> 
> >> Hmm havent we done so lately?
> >> 
> >> The last mail I found was by me :)
> >> 
> >>> Starter
> >>> 1 - Introduction
> >>> 2 - Background
> >>> 3 - Thinking about the Problem
> >>> 4 - Principles
> >>> Theory
> >>> 13- Privacy
> >>> 14- Cryptography
> >>> 12- Web Services and XML Security
> >>> 5 - Web Security Architectures
> >>> Practice
> >>> 6 - Authentication (including SAML and Liberty)
> >>> 8 - Access Control and Authorization
> >>> 7 - Session Management
> >>> 10- Data Validation
> >>> 9 - Event Logging and Monitoring
> >>> Summary
> >>> 11- Common Problems and How to Mitigate them
> >>> 
> >>> I tried to get the guide into 4 logical groups. While I am not quite
> >>> satisfied with that version above, I think it's a way to try to go on
> >>> with. And we definitely would need better names for the 4 logical
> >>> groups.
> >> 
> >> Let's take this as a starter?
> >> 
> >>> Anybody interested in re-doing the DocBook when the new layout is agreed
> >>> ?
> >> 
> >> I could do so but would not burn my hands for if anybody else would be
> >> interested :)
> >> 
> >> Regards,
> >> Adrian
> >> 
> >> 
> >> -------------------------------------------------------
> >> This SF.net email is sponsored by:Crypto Challenge is now open!
> >> Get cracking and register here for some mind boggling fun and
> >> the chance of winning an Apple iPod:
> >> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
> >> _______________________________________________
> >> Owasp-guide mailing list
> >> Owasp-guide at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/owasp-guide
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by:Crypto Challenge is now open! 
> Get cracking and register here for some mind boggling fun and 
> the chance of winning an Apple iPod:
> http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-guide
-- 
Mark Curphey <mark at curphey.com>





More information about the Owasp-guide mailing list