[OWASP-GUIDE] Question concerning usage of languages for webapps
Andrew van der Stock
vanderaj at greebo.net
Tue May 18 11:19:27 EDT 2004
I think what would be useful right now is guidance on the language-specific
sections. Projects at the mercy of volunteers are necessarily limited in
scope to those who have an itch to complete those things that make them
scratch. Or something like that.
I think something along the lines of:
Go through the OWASP top 10 and identify language / framework features or
coding patterns which satisfy the Top 10, and then go through a few other
Guide issues which are non-obvious. For example, the session management
section of .NET will be very short - .NET's session manager is good enough,
here's how not to obviate it. For example on the non-obvious aspect, secret
storage in .NET is completely non-obvious.
What do others think? Remember, there will be a 2.1 and 3.0 down the track,
so "good enough and timely" is better than a 1000 page treatise that is late
or never arrives.
Andrew (who is feeling a little like a black kettle)
From: owasp-guide-admin at lists.sourceforge.net
[mailto:owasp-guide-admin at lists.sourceforge.net] On Behalf Of Adrian
Sent: Tuesday, 18 May 2004 11:58 PM
To: owasp-guide at lists.sourceforge.net
Subject: Re: [OWASP-GUIDE] Question concerning usage of languages for
Without trying to flame anybody, the whole discussion gets unnecessary for
one simple reason: Possibilities. Therefore as current lead of the Guide
and responsible for v2 it is quite easy for me to decide what to do.
While the focus for v2 will not be language centric in the term of
separating all languages from each other it will be grouped into 4
sub-sections like mentioned before. One single subsection for every type
of language group like Java/.Net, Scripting (PHP, PERL, ASP), CGI and
Frameworks. How big and extensive every single subsection gets depends on
one single factor: Resources.
Or in other words: If we find volunteers for every single language out
there and these volunteers return some stuff in time, I will be the last
to not include that material in the v2. Meanwhile we concentrate on
something like outlined above.
So please return to the discussion Chris and I started before where we try
to define the concrete input of the language section.