[Owasp-guide] Progress Report

Boberski, Michael [USA] boberski_michael at bah.com
Mon Apr 19 16:01:54 EDT 2010

Hi Ken, to help you out with what I mean further about filling out this section,

The bullets should be something like:

The guidance was developed with the following objectives in mind:

  * _Use as a reference_ - Provide application architects and developers with a single, definitive repository of secure design patterns,
  * _Use to make decisions_ - Provide guidance to security control developers as to how to either select or build security controls in order to satisfy application security requirements, and
  * _Use as guidance_ - Provide guidance to security control developers as to how to use security controls in order to satisfy application security requirements

I updated the wiki page with the above, to help things along. Maybe if you can take a stab at retooling the notes, there should be ones for ESAPI and ASVS, but they need to be reworked so they fit into this foreword somehow. The above could perhaps stand to be further worked on, e.g. the second bullet title should perhaps be "Use to make design decisions".


Mike B.

-----Original Message-----
From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
Sent: Monday, April 19, 2010 1:26 PM
To: Ken Owen
Cc: owasp mailn list
Subject: Re: [Owasp-guide] Progress Report

Hi Ken, thanks for checking in.

References should use the section name (e.g. See the "Getting Started" section for a description of...) as it appears in the TOC. This applies to all sections. It would be helpful if you could also then include the hyperlink (e.g. [http... Getting Started]).

Ok, let's work on the Foreword. Here are my comments/edits: http://code.google.com/p/owasp-development-guide/wiki/Foreword . Can you take a crack at filling in the various places with ellipses? See the ASVS foreword to get an idea of how things should read, the level of detail, types of generalizations, etc.


Mike B.

-----Original Message-----
From: Ken Owen [mailto:kenowen at eowen.com] 
Sent: Friday, April 16, 2010 4:49 PM
To: Boberski, Michael [USA]
Cc: owasp mailn list
Subject: Progress Report


I put a short foreword up this week, as well as first and second levels 
of the "Getting Started" section. Should these pages be referencing 
sections of the guide? Should I include resources on the web? For 
instance articles on creating risk assessments for Internet and software 

