[Owasp-guide] Progress Report

Boberski, Michael [USA] boberski_michael at bah.com
Thu Apr 22 16:32:01 EDT 2010


Ok, let me put together some additional notes/guidance. 

Best,

Mike B.


-----Original Message-----
From: Ken Owen [mailto:kenowen at eowen.com] 
Sent: Thursday, April 22, 2010 4:02 PM
To: Boberski, Michael [USA]
Cc: owasp mailn list
Subject: Re: Progress Report

Mike

I was working on Getting Started yesterday and today. I have material on 
the Getting Started page, both pages on the next level and pages for all 
four items under design. It seems to me that what I was trying to do is 
pull together all the OWASP projects that already have detailed 
information on each of these areas rather than writing short precis of 
the material that is already on the site, such as:

ASVS Level 1 security architecture review
The OWASP CLASP Project
Application Threat Modeling

Please take a look. If you think I'm barking up the wrong tree, let me 
know and I'll start over. I'll wait for your reply before proceeding.

Ken

Boberski, Michael [USA] wrote:
> Hi Ken. Ok, we're done with the Foreword for now then, thanks.
> 
> So onward to Getting Started...
> 
> I was thinking this section (all of it) should be narrative (full sentences and paragraphs, pictures, etc.). No checklists or worksheets. To start, minimum 1 paragraph per page, 3-4 sentences, let's say.
> 
> This section will likely be all new writing, although there might be a small amount of stuff that can be recycled, words about threat modeling catch my eye as I click through the outline. Obviously ASVS didn't exist when the previous guide was written so section "Mapping the Top Ten to ASVS" would be new.
> 
> Best,
> 
> Mike B.
> 
> 
> -----Original Message-----
> From: Ken Owen [mailto:kenowen at eowen.com] 
> Sent: Wednesday, April 21, 2010 5:06 PM
> To: Boberski, Michael [USA]
> Cc: owasp mailn list
> Subject: Re: Progress Report
> 
> Mike
> 
> I agree with your suggestion on the second bullet and I've fleshed out 
> the page. I have also made a first draft of the "Getting Started" page, 
> the two pages under that (just menus but could have some description on 
> them) and the business risk page.
> 
> Ken
> 
> Boberski, Michael [USA] wrote:
>> Hi Ken, to help you out with what I mean further about filling out this section,
>>
>> The bullets should be something like:
>>
>>
>> The guidance was developed with the following objectives in mind:
>>
>>   * _Use as a reference_ - Provide application architects and developers with a single, definitive repository of secure design patterns,
>>   * _Use to make decisions_ - Provide guidance to security control developers as to how to either select or build security controls in order to satisfy application security requirements, and
>>   * _Use as guidance_ - Provide guidance to security control developers as to how to use security controls in order to satisfy application security requirements
>>
>>
>> I updated the wiki page with the above, to help things along. Maybe if you can take a stab at retooling the notes, there should be ones for ESAPI and ASVS, but they need to be reworked so they fit into this foreword somehow. The above could perhaps stand to be further worked on, e.g. the second bullet title should perhaps be "Use to make design decisions".
>>
>> Best,
>>
>> Mike B.
>>  
>>
>>
>> -----Original Message-----
>> From: owasp-guide-bounces at lists.owasp.org [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
>> Sent: Monday, April 19, 2010 1:26 PM
>> To: Ken Owen
>> Cc: owasp mailn list
>> Subject: Re: [Owasp-guide] Progress Report
>>
>> Hi Ken, thanks for checking in.
>>
>> References should use the section name (e.g. See the "Getting Started" section for a description of...) as it appears in the TOC. This applies to all sections. It would be helpful if you could also then include the hyperlink (e.g. [http... Getting Started]).
>>
>> Ok, let's work on the Foreword. Here are my comments/edits: http://code.google.com/p/owasp-development-guide/wiki/Foreword . Can you take a crack at filling in the various places with ellipses? See the ASVS foreword to get an idea of how things should read, the level of detail, types of generalizations, etc.
>>
>> Best,
>>
>> Mike B.
>>
>>
>> -----Original Message-----
>> From: Ken Owen [mailto:kenowen at eowen.com] 
>> Sent: Friday, April 16, 2010 4:49 PM
>> To: Boberski, Michael [USA]
>> Cc: owasp mailn list
>> Subject: Progress Report
>>
>> Mike
>>
>> I put a short foreword up this week, as well as first and second levels 
>> of the "Getting Started" section. Should these pages be referencing 
>> sections of the guide? Should I include resources on the web? For 
>> instance articles on creating risk assessments for Internet and software 
>> projects?
>>
>> Ken
>>
>>
>>
> 

-- 
Ken Owen
Edward Owen Company
Box 407
Granby, CT 06035-0407
Phone: 860.653.6258 x12
Fax: 860.653.6349
email: kenowen at eowen.com

