[OWASP-GUIDE] OWASP Guide 2.0 Release Candidate
Andrew van der Stock
vanderaj at greebo.net
Sun Jul 24 12:42:37 EDT 2005
The OWASP Guide 2.0 release candidate is now available.
Please download the Guide in your favorite format.
http://www.greebo.net/owasp/Guide2.0RC.zip (1.6 MB)
http://www.greebo.net/owasp/Guide2.0RC.pdf (1.6 MB)
If you have any URGENT edits, please address them to me directly at
vanderaj at greebo.net
It has some editing to go, and potentially a chapter will be dropped
out (it will re-appear in 2.1), but essentially, this is the order
and content of the Final.
Things to be fixed prior to upload to SourceForge tomorrow night (in
order of importance):
* Finish any forgotten empty sections - I don't think there are any
outside of Deployment, but...
* Tidy up the Session Management chapter. It needs re-ordering and
coalescing followed by a good solid edit
* Finish or drop the Deployment chapter until 2.1. Most likely drop
considering the other things which need to be fixed
* Go through my e-mails of previous reviews and ensure that I have
got them all. If you have supplied me with reviews, they WILL be added
* Go through the embedded comments and ensure that they are handled
* Fix HEADA to be a new page in the template
* Ensure that the stacked "Description" HEADC heading is removed in
* References in many sections are missing or have not been verified.
New research needs to be Googled and entered
* Cross-references need to be fixed (typically by removing them
unless absolutely required)
* URLs which are not highlighted in blue need to be fixed (easy -
control-k remove control-k enter)
* Re-order any remaining chapters to be in best practices ...
addressing common weaknesses ... defending against attacks order
(chapters which have had this done usually have HEADBs with the word
"attack" in the last one or two slots)
* Look for orphans, widows and tidy pages for balance
If you feel like reviewing the content, please start at the back and
work forwards. The early chapters to "Session Management" have been
reviewed quite a few times. The other chapters from Session
Management on back have not been reviewed fully. Some, like Data
Validation, Buffer overflows, Injections, etc are absolutely brand
spanking new in this release.
There will be a 2.0.1, probably by the end of August, and 2.1 will be
by the end of November when we go into print with No Starch Press.
Edits for 2.0.1 will be incorporated into 2.1.