[OWASP-GUIDE] Status of the Guide v2

Adrian Wiesmann awiesmann at swordlord.org
Sun May 9 17:30:59 EDT 2004


Chris

> Andrew appears to be willing to write the .NET stuff.  That would give
> us the big three (Java, PHP, and M$), the next question would be: what
> others make sense for us to tackle?

I just sent some mail to the webappsec maillist asking exactly that
question. (I sent a bcc to this list which should come up somewhen in a
few hrs :) )

I suggest that the 3 major ones should be adressed (.NET, Java and PHP) in
v2. Besides this I have nothing against adding more but we should not be
kept back waiting for another language to be included into the guide. What
I mean is that we should concentrate on the 3 above and besides this take
what we can get without concentrating to much on "noise".

Which brings me to something else: It would be veryvery fine if we could
have some short introduction talking about all the languages we cover and
when to choose which language and what is the main difference. Just to
give some neat overview over what kind of languages are there and which
would suit best in which moment and situation.


> I am guessing Perl CGI scripts should probably be next
> in priority.  I could probably take a stab at that, since there is
> already a wealth of information available, and I'm fairly comfortable
> with Perl.

Agree. But Perl IMHO is less a language for full grown web applications
than for smaller sites. Lightning might strike my computer again if I am
wrong :) 

Adrian




More information about the Owasp-guide mailing list