[OWASP-GUIDE] OWASP Guide 2.0 Release Candidate

Andrew van der Stock vanderaj at greebo.net
Sun Jul 24 12:42:37 EDT 2005

Hi there,

The OWASP Guide 2.0 release candidate is now available.

Please download the Guide in your favorite format.

http://www.greebo.net/owasp/Guide2.0RC.zip (1.6 MB)

http://www.greebo.net/owasp/Guide2.0RC.pdf (1.6 MB)

If you have any URGENT edits, please address them to me directly at  
vanderaj at greebo.net

It has some editing to go, and potentially a chapter will be dropped  
out (it will re-appear in 2.1), but essentially, this is the order  
and content of the Final.

Things to be fixed prior to upload to SourceForge tomorrow night (in  
order of importance):

Hard stuff
* Finish any forgotten empty sections - I don't think there are any  
outside of Deployment, but...
* Tidy up the Session Management chapter. It needs re-ordering and  
coalescing followed by a good solid edit
* Finish or drop the Deployment chapter until 2.1. Most likely drop  
considering the other things which need to be fixed

Medium stuff
* Go through my e-mails of previous reviews and ensure that I have  
got them all. If you have supplied me with reviews, they WILL be added
* Go through the embedded comments and ensure that they are handled  
and removed.

Easy stuff
* Fix HEADA to be a new page in the template
* Ensure that the stacked "Description" HEADC heading is removed in  
all chapters
* References in many sections are missing or have not been verified.  
New research needs to be Googled and entered
* Cross-references need to be fixed (typically by removing them  
unless absolutely required)
* URLs which are not highlighted in blue need to be fixed (easy -  
control-k remove control-k enter)
* Re-order any remaining chapters to be in best practices ...  
addressing common weaknesses ... defending against attacks order  
(chapters which have had this done usually have HEADBs with the word  
"attack" in the last one or two slots)
* Look for orphans, widows and tidy pages for balance

If you feel like reviewing the content, please start at the back and  
work forwards. The early chapters to "Session Management" have been  
reviewed quite a few times. The other chapters from Session  
Management on back have not been reviewed fully. Some, like Data  
Validation, Buffer overflows, Injections, etc. are absolutely brand  
spanking new in this release.

There will be a 2.0.1, probably by the end of August, and 2.1 will be  
by the end of November when we go into print with No Starch Press.  
Edits for 2.0.1 will be incorporated into 2.1.

