[Owasp-guide] Progress Report

Boberski, Michael [USA] boberski_michael at bah.com
Thu Apr 22 14:39:31 EDT 2010


Hi Ken. Ok, we're done with the Foreword for now then, thanks.

So onward to Getting Started...

I was thinking this section (all of it) should be narrative (full sentences and paragraphs, pictures, etc.). No checklists or worksheets. To start, minimum 1 paragraph per page, 3-4 sentences, let's say.

This section will likely be all new writing, although there might be a small amount of stuff that can be recycled; words about threat modeling catch my eye as I click through the outline. Obviously ASVS didn't exist when the previous guide was written, so section "Mapping the Top Ten to ASVS" would be new.

Best,

Mike B.


-----Original Message-----
From: Ken Owen [mailto:kenowen at eowen.com] 
Sent: Wednesday, April 21, 2010 5:06 PM
To: Boberski, Michael [USA]
Cc: owasp mailn list
Subject: Re: Progress Report

Mike

I agree with your suggestion on the second bullet and I've fleshed out 
the page. I have also made a first draft of the "Getting Started" page, 
the two pages under that (just menus but could have some description on 
them) and the business risk page.

Ken

Boberski, Michael [USA] wrote:
> Hi Ken, to help you out with what I mean further about filling out this section,
> 
> The bullets should be something like:
> 
> 
> The guidance was developed with the following objectives in mind:
> 
>   * _Use as a reference_ - Provide application architects and developers with a single, definitive repository of secure design patterns,
>   * _Use to make decisions_ - Provide guidance to security control developers as to how to either select or build security controls in order to satisfy application security requirements, and
>   * _Use as guidance_ - Provide guidance to security control developers as to how to use security controls in order to satisfy application security requirements
> 
> 
> I updated the wiki page with the above, to help things along. Maybe if you can take a stab at retooling the notes, there should be ones for ESAPI and ASVS, but they need to be reworked so they fit into this foreword somehow. The above could perhaps stand to be further worked on, e.g. the second bullet title should perhaps be "Use to make design decisions".
> 
> Best,
> 
> Mike B.
>  
> 
> 
> -----Original Message-----
> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
> Sent: Monday, April 19, 2010 1:26 PM
> To: Ken Owen
> Cc: owasp mailn list
> Subject: Re: [Owasp-guide] Progress Report
> 
> Hi Ken, thanks for checking in.
> 
> References should use the section name (e.g. See the "Getting Started" section for a description of...) as it appears in the TOC. This applies to all sections. It would be helpful if you could also then include the hyperlink (e.g. [http... Getting Started]).
> 
> Ok, let's work on the Foreword. Here are my comments/edits: http://code.google.com/p/owasp-development-guide/wiki/Foreword . Can you take a crack at filling in the various places with ellipses? See the ASVS foreword to get an idea of how things should read, the level of detail, types of generalizations, etc.
> 
> Best,
> 
> Mike B.
> 
> 
> -----Original Message-----
> From: Ken Owen [mailto:kenowen at eowen.com] 
> Sent: Friday, April 16, 2010 4:49 PM
> To: Boberski, Michael [USA]
> Cc: owasp mailn list
> Subject: Progress Report
> 
> Mike
> 
> I put a short foreword up this week, as well as first and second levels 
> of the "Getting Started" section. Should these pages be referencing 
> sections of the guide? Should I include resources on the web? For 
> instance articles on creating risk assessments for Internet and software 
> projects?
> 
> Ken
> 
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
> 
> 

-- 
Ken Owen
Edward Owen Company
Box 407
Granby, CT 06035-0407
Phone: 860.653.6258 x12
Fax: 860.653.6349
email: kenowen at eowen.com

