[Owasp-guide] Progress Report

Ken Owen kenowen at eowen.com
Wed Apr 21 17:05:39 EDT 2010


Mike

I agree with your suggestion on the second bullet and I've fleshed out 
the page. I have also made a first draft of the "Getting Started" page, 
the two pages under that (just menus but could have some description on 
them) and the business risk page.

Ken

Boberski, Michael [USA] wrote:
> Hi Ken, to help you out with what I mean further about filling out this section,
> 
> The bullets should be something like:
> 
> 
> The guidance was developed with the following objectives in mind:
> 
>   * _Use as a reference_ - Provide application architects and developers with a single, definitive repository of secure design patterns,
>   * _Use to make decisions_ - Provide guidance to security control developers as to how to either select or build security controls in order to satisfy application security requirements, and
>   * _Use as guidance_ - Provide guidance to security control developers as to how to use security controls in order to satisfy application security requirements
> 
> 
> I updated the wiki page with the above, to help things along. Maybe if you can take a stab at retooling the notes, there should be ones for ESAPI and ASVS, but they need to be reworked so they fit into this foreword somehow. The above could perhaps stand to be further worked on, e.g. the second bullet title should perhaps be "Use to make design decisions".
> 
> Best,
> 
> Mike B.
>  
> 
> 
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
> Sent: Monday, April 19, 2010 1:26 PM
> To: Ken Owen
> Cc: owasp mailn list
> Subject: Re: [Owasp-guide] Progress Report
> 
> Hi Ken, thanks for checking in.
> 
> References should use the section name (e.g. See the "Getting Started" section for a description of...) as it appears in the TOC. This applies to all sections. It would be helpful if you could also then include the hyperlink (e.g. [http... Getting Started]).
> 
> Ok, let's work on the Foreword. Here are my comments/edits: http://code.google.com/p/owasp-development-guide/wiki/Foreword . Can you take a crack at filling in the various places with ellipses? See the ASVS foreword to get an idea of how things should read, the level of detail, types of generalizations, etc.
> 
> Best,
> 
> Mike B.
> 
> 
> -----Original Message-----
> From: Ken Owen [mailto:kenowen at eowen.com] 
> Sent: Friday, April 16, 2010 4:49 PM
> To: Boberski, Michael [USA]
> Cc: owasp mailn list
> Subject: Progress Report
> 
> Mike
> 
> I put a short foreword up this week, as well as first and second levels 
> of the "Getting Started" section. Should these pages be referencing 
> sections of the guide? Should I include resources on the web? For 
> instance articles on creating risk assessments for Internet and software 
> projects?
> 
> Ken
> 

-- 
Ken Owen
Edward Owen Company
Box 407
Granby, CT 06035-0407
Phone: 860.653.6258 x12
Fax: 860.653.6349
email: kenowen at eowen.com

