[Owasp-guide] Awaiting further guidance for OWASP-0100 Security Architecture
kevin.horvath at gmail.com
Fri Apr 9 12:26:07 EDT 2010
First, thanks for taking the effort to clean up the first stab at the
write-up Charlie and I provided. This section is a little different
from the others as it encompasses the entire application and its
environment. So basically it's not a deep dive into any one area (such
as input validation, for example), but I wanted to make sure I touched
on all areas of importance to application security and its surrounding
environment. So I wanted to touch on all areas of application design
(logical and physical placement), supporting security devices (web app
firewalls, for example), etc.
I don't believe there is any specific roadmap for our section. So, I
would recommend starting with what Charlie and I put up on the wiki
and editing, removing things that you don't necessarily agree with,
adding and expanding on areas you think need more information, etc.
The Architecture section could be a book in itself if we deep-dived
into every area, and some of the areas start bordering on being out of
scope if you go too deep (for example IDS, app firewalls, etc.), but
they need to be mentioned. Basically, make of it what you will and add
to it how you see fit. If you want to just brainstorm and throw out
some ideas to list on how to build off what's currently there, then we
can help. Let me know what you think of the current content and your
ideas of where you would like to see it go, and Charlie and I can help
you write it.
On Fri, Apr 9, 2010 at 11:00 AM, Mike Lewis <m_d_lewis at comcast.net> wrote:
> Mylene and all,
> I've broken down the Security Architecture section into further chunks,
> and now I am awaiting further instructions on what to do next.
> I know some of you have worked on OWASP projects in the past and a lot
> of this stuff is intuitively obvious to you, but this is my first one and I
> need a little more handholding and guidance. As you can see by my work
> already, though, if you show me what needs to be done, I'll go out and do it
> a hundred times over. I just need that small push to get going.
> Mylene, you're supposed to be leading this section, but I haven't heard
> one peep from you. I've gotten some cloudy and conflicting guidance from
> Mike about what to do, but I'm still sort of lost, as he apparently has a
> master vision for this document, but I'm completely blind as to what it is.
> I know Charlie and Kevin have taken a stab at some documentation for the
> section, and I applaud them for their enthusiasm; like them, I want to jump
> in and crank some material out. However, I think we're all confused about
> what exactly our roles here are.
> I know Mike has a definite vision of how this thing should be set up,
> based on his comments thus far about how the document should be structured.
> I believe that he has shared that vision with Mylene, based on his repeated
> requests for me to coordinate with Mylene. However, that vision has not
> trickled down to me, which is the source of my frustration on this project.
> I respectfully request some additional guidance from anyone who will
> step up and help show me and guide me and lead me to what exactly I am
> supposed to be doing.
> -- Mike Lewis