[OWASP-GUIDE] Status of the Guide v2

ray stirbei me at highentropy.org
Sun May 9 04:40:34 EDT 2004

I agree with you guys that .NET and Java are most widely used in the 
commercial world as PHP and (still) Perl on the open source world. I like 
Adrian's suggestion about having a section to tie them together and provide 
some context. 

Although its worthwhile to address to each language at its usage/syntax level, 
we should also look at these as platforms. I don't know any web development 
project s that start with a language and build from scratch. PHP and Perl are 
typically selected because of an application or script that is available and 
that fits the need. The user roles are not the same: the language section 
would speak to a developer/architect while a section on these languages as 
platoforms would speak to an implementor/integrator or someone who can code 
but whose interest is taking something that;s already written and customizing 
it to the specific need. 

I see a lot of value in a grand unifying section that gives an overview of 
these languages, a high level list of strengths/weaknesses, and how they fit 
into a web development project (as a platform/approach). This section could 
also include cursory reviews of other approaches, from has-beens such as 
coldfusion to up and coming like macromedia flash 
( http://www.infoworld.com/article/04/03/29/13TCflex_1.html )

I'd love to help out with this section, but I have a history of signing up for 
something and then my boss/workload disagreeing. If anyone would like to sign 
up and take ownership, let me know and we can coordinate.


On Sunday 09 May 2004 05:30 pm, Adrian Wiesmann wrote:
> Chris
> > Andrew appears to be willing to write the .NET stuff.  That would give
> > us the big three (Java, PHP, and M$), the next question would be: what
> > others make sense for us to tackle?
> I just sent some mail to the webappsec maillist asking exactly that
> question. (I sent a bcc to this list which should come up somewhen in a
> few hrs :) )
> I suggest that the 3 major ones should be adressed (.NET, Java and PHP) in
> v2. Besides this I have nothing against adding more but we should not be
> kept back waiting for another language to be included into the guide. What
> I mean is that we should concentrate on the 3 above and besides this take
> what we can get without concentrating to much on "noise".
> Which brings me to something else: It would be veryvery fine if we could
> have some short introduction talking about all the languages we cover and
> when to choose which language and what is the main difference. Just to
> give some neat overview over what kind of languages are there and which
> would suit best in which moment and situation.
> > I am guessing Perl CGI scripts should probably be next
> > in priority.  I could probably take a stab at that, since there is
> > already a wealth of information available, and I'm fairly comfortable
> > with Perl.
> Agree. But Perl IMHO is less a language for full grown web applications
> than for smaller sites. Lightning might strike my computer again if I am
> wrong :)
> Adrian
> -------------------------------------------------------
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
> deliver higher performing products faster, at low TCO.
> http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-guide

More information about the Owasp-guide mailing list