[OWASP-GUIDE] Status of the Guide v2

Adrian Wiesmann awiesmann at swordlord.org
Tue May 18 03:23:46 EDT 2004


> So are you thinking that the language section will be multiple chapters,
> or one big chapter?

Like the rest of the guide. The language thingy is one section. Where
section means a bunch of chapters kept together in one logical group.

> I like the idea of separating the languages by "type" (script vs.
> executable CGI vs. framework), because each type shares characteristics.
> Are you thinking that the "common problems" section/chapter would focus
> primarily on the interaction between language design and security, or
> are you thinking along different lines?

I think on the same lines but think that this is not the only content we
should add. The goal of this common chapter needs to be to show these
points (among others):

- A language theoretically should be chosen for the job one wants to do.
- Every language has its caveats and problems. (As demonstrated in the
following chapters)
- There are a few common problems with every language (Good programming
practices, and every programmer should know what she does)
- Testingtestingtesting
- etc.

So this common chapter is actually kind of a developer-centric best
practice compilation. Followed by chapters containing information and
strategies for programming techniques (script, framework, cgi...).

