[Owasp-guide] AUTHOR ACTION REQUIRED -- REVISED OUTLINE (RESEND)
Boberski, Michael [USA]
boberski_michael at bah.com
Mon Apr 5 14:32:10 EDT 2010
(((((( PLEASE READ BELOW. PLEASE UPDATE YOUR SECTION ACCORDINGLY. NUMBERING COP, LITTLE HELP AS WELL FOR E.G. 1300?? I AM GOING TO STOP MY FURTHER REVIEWS UNTIL THE OUTLINES ARE UPDATED. ))))))))
Here is the revised outline for the detailed sections, using input validation as the example, the online version of which has yet to be updated accordingly:
# OWASP-0500 Input Validation
* Build or buy?
o OWASP-0502 Verify that a positive validation pattern is defined and applied to all input.
+ OWASP-0502-DG-01 Define a positive validation pattern for all input
+ OWASP-0502-DG-02 Apply a positive validation pattern to all input
o Input validation worksheet
* See also
For "# OWASP-0500 Input Validation", there shall be a brief explanation about what input validation is and examples of related vulnerabilities, containing recycled or new content.
For "Build or buy", this shall be the guts of each section, containing recycled or new content, according to ASVS requirement and derived guide requirement. The reader should be able to determine if available solutions are sufficient, whether they'll have to build or buy, after reading through this section, that is the "sanity check" that will be performed when reviewing this section. Subsections shall refer to any available worksheets in the next section.
For "Worksheets", there shall be one or more worksheets per section. This will be entirely new content.
For "See also", there shall be references to cheat sheets and other sections and OWASP materials as appropriate.
This structure will also allow us to insert a "Sample code" section later on, but I do not wish to confuse matters by trying to juggle code and content at this point.
More information about the Owasp-guide