[OWASP-GUIDE] Going on with the Guide

Ray Stirbei rstirbei at acm.org
Thu Feb 12 23:48:28 EST 2004


I agree with sticking to the current Docbook format and the automated build 
process.  I also agree with bringing a focus on remediation techniques, and I 
believe the latest version of the proposed table of contents spreadsheet 
(checked into cvs) includes a 'how to mitigate' section for each chapter (see 
the chapter flow worksheet). Server configuration files or parameters can be 
included in this section, although we have to tread the fine line of 
giving the expectation that using configuration x will make a web app 
suddenly secure. 

It seems that many web apps still stumble when it comes to basic session 
management and input validation.

Cheers

Ray




On Thursday 12 February 2004 06:24 pm, Andrew van der Stock wrote:
> Adrian,
>
> I'd suggest using the nightly build process through CVS check-ins, so
> people can contribute (or edit) after reviewing the changes in the nightly
> build PDF.
>
> One change I'd like to see is more information regarding *how to fix*
> rather than just the why and how to exploit the problem. For example, it's
> fine to say force your web server to assert a locale, but how to do this on
> a sample web server or two would be good. As it's an open project, probably
> choosing Apache (web server) and Tomcat (JSP servlet engine) as the
> examples would be a good idea. Someone with enough interest could later
> theoretically produce "productized" versions for IIS / ASP.NET or for PHP.
>
> Andrew
>
> -----Original Message-----
> From: owasp-guide-admin at lists.sourceforge.net
> [mailto:owasp-guide-admin at lists.sourceforge.net] On Behalf Of Adrian
> Wiesmann
> Sent: Friday, February 13, 2004 6:33 AM
> To: owasp-guide at lists.sourceforge.net
> Cc: owasp-leaders at lists.sourceforge.net
> Subject: [OWASP-GUIDE] Going on with the Guide
>
> Hey list
>
> It has lately been very silent concerning the Guide and its next version.
> Therefore I was recently in contact with Mark, proposing to him my idea of
> the way forward, and we decided that I take over the further development
> of the guide.
>
> We decided that I take over control of the Guide as a one-man show, with
> the idea of taking contributions as they come in.
>
> I am now updating the Guide's structure and bringing the project back to
> life. I will therefore let you know more when it is ready.
>
> Best regards,
> Adrian
>
>
> -------------------------------------------------------
> SF.Net is sponsored by: Speed Start Your Linux Apps Now.
> Build and deploy apps & Web services for Linux with
> a free DVD software kit from IBM. Click Now!
> http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-guide