[OWASP-GUIDE] 2.1 plans

Andrew van der Stock vanderaj at greebo.net
Sun Jul 24 13:26:29 EDT 2005

Hi there,

This is a placeholder thought list for me before I head to Blackhat
and forget it all in a fugue of alcohol-crazed partying.

Revisions list (2.0.1 leading into 2.1)

Hard review all chapters and revise into Top 10 format as applicable (see Privacy chapter for a not-quite-there chapter)
Flesh out weaker chapters (i.e. new injection and buffer overflow chapter needs more detail, ditto DoS)

Improvements for 2.1

Write / complete lost chapters from 2.0
Include applicable COBIT control objective references near the top of each chapter
Include detail on how to find each issue when performing code reviews
Rank issues to identify which issues are for "highly protected"  
More diagrams to aid comprehension, particularly buffer overflows and  

New for 2.1

Write a chapter on how to perform code reviews. Share with the Testing team
Write a distributed programming chapter, which includes race conditions and multi-threadedness
Write ASP.NET and J2EE language specific chapters

Feel free to discuss :)


