[Owasp-guide] Owasp-guide Digest, Vol 30, Issue 1

Theo van Niekerk theovn.list at gmail.com
Tue Dec 14 05:11:52 EST 2010


Hi Vishal, Abe


Yes, if we can just rollback to the previous version - how do you do that anyways?
Once that is done I will then dissect it into pieces according to the ASVS structure. 
There is also a section on the wiki under Input Validation that needs to be pulled over.

Abe, maybe you can copy your content onto a temporary scratch-patch page so that we don't lose it?


Regards
Theo


On 14 Dec 2010, at 00:28, Vishal Garg wrote:

> Hi Abe,
> 
> I had looked at the Wiki over the weekend and analysed the changes made by
> you. I really like your enthusiasm in creating all the great content, but at
> the same time, we also have to understand that creating the guide is a
> collaborative effort where hard work from a lot of volunteers is involved.
> Therefore we all need to follow some rules to respect each other's time and
> effort and to achieve meaningful results from everyone else's efforts.
> 
> During my analysis, I found that you had replaced the old content with the
> new content of your own, which means that the work done by someone else has
> all been wasted. Also if everyone kept doing this, we would not be able to
> achieve anything from this effort. Therefore could you please go back and
> roll back all the changes you made to the wiki and retain all the old
> content. Also I would suggest you to follow the ASVS guidelines and
> structure and put your content at the appropriate place so that your efforts
> and hard work is also not wasted.
> 
> Please let me know if you have any queries or doubts and I'll do my best to
> resolve it.
> 
> Regards
> Vishal
> 
> 
> On Sat, Dec 11, 2010 at 6:29 AM, Abe <abek1 at comcast.net> wrote:
> 
>> Theo,
>> 
>> When I came home today, I was having a rough day at work.  My gut instinct
>> was to apologize as I tend to try and take responsibility and be held
>> accountable (sometimes without thinking).
>> 
>> Prior to submitting the chapter that I wrote, the OWASP Guide for
>> OWASP-0600 Output Encoding/Escaping contained the Interpreter Injection
>> chapter copied verbatim from the OWASP Web Application Guide 2.0.
>> 
>> I do not think any of the Interpreter Injection chapter is related to
>> proper output encoding and still do not think it applies.  Replacing the
>> current chapter with the Interpreter Injection chapter is not the right
>> thing to do.
>> 
>> As to following the ASVS. When writing, information should be presented in
>> a clear, concise, and logical manner.  We are writing a book after all.  If
>> you read the chapter that I wrote, all of the items under OWASP-0600 to
>> OWASP-0610 Output Encoding/Escaping are covered.
>> 
>> Again proper output encoding is something that I am still actively doing
>> research on. I want to make sure that if I am wrong about anything, the
>> reader can correct me and let me know where I made my mistake.  I am going
>> to take out my email before we go GA.
>> 
>> To be honest, I was a bit frustrated at the pace at which the guide and our
>> chapter was moving, so I took the initiative to go ahead and write the
>> chapter.
>> 
>> 
>> 
>> "Lead, follow, or get out of the way."  --Thomas Paine
>> 
>> 
>> 
>> Regards,
>> Abe
>> 
>> 
>> -----Original Message-----
>> From: Theo Van Niekerk [mailto:theovn.list at gmail.com]
>> Sent: Thursday, December 09, 2010 11:52 PM
>> To: Abe
>> Cc: owasp-guide at lists.owasp.org
>> Subject: Re: [Owasp-guide] Owasp-guide Digest, Vol 30, Issue 1
>> 
>> Hi Abe
>> 
>> I'm afraid that you have jumped the gun.
>> 
>> Vishal's schedule (see below your email) states to recycle old content -
>> which I believe is still very valid - by the end of Jan 2011.
>> Thereafter a collaborative approach will be followed to develop new
>> content.
>> It will then be reviewed and updated.
>> 
>> Quite frankly I do not appreciate that you merrily jump in, remove the
>> recycled content originating from the old guide, and replace it with yours.
>> Also, what's with the "Good luck and email me (abraham.kang at owasp.org)
>> with any questions."?
>> 
>> Regarding the content you have created, I see it as valuable but it would
>> have to be aligned with the ASVS. I think it is too complex for an
>> introduction and should rather reside in a subsection of the future
>> document.
>> 
>> Can you please rollback to the previous version?
>> 
>> Thanks
>> Theo
>> 
>> 
>> 
>> On 07 Dec 2010, at 20:02, Abe wrote:
>> 
>>> Hi Vishal,
>>> 
>>> Material from the previous version didn't really match so wrote a new
>>> chapter outright.
>>> 
>>> Output Encoding
>>> 
>>> Regards,
>>> Abe
>>> 
>>> -----Original Message-----
>>> From: owasp-guide-bounces at lists.owasp.org
>>> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of
>>> owasp-guide-request at lists.owasp.org
>>> Sent: Tuesday, December 07, 2010 9:00 AM
>>> To: owasp-guide at lists.owasp.org
>>> Subject: Owasp-guide Digest, Vol 30, Issue 1
>>> 
>>> Today's Topics:
>>> 
>>>  1. [OWASP-Guide] Schedule for dev guide (Vishal Garg)
>>> 
>>> 
>>> ----------------------------------------------------------------------
>>> 
>>> Message: 1
>>> Date: Mon, 6 Dec 2010 21:57:08 +0000
>>> From: Vishal Garg <vishalgrg at gmail.com>
>>> Subject: [Owasp-guide] [OWASP-Guide] Schedule for dev guide
>>> To: owasp-guide at lists.owasp.org
>>> Message-ID:
>>>      <AANLkTi=wV71qetsDEFz=5nY6ZSUnBAzcOezLJTthHJzE at mail.gmail.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>> 
>>> Hi All,
>>> 
>>> After having a discussion with Anurag, we have come up with the following
>>> schedule for the new dev guide. Could all section leads please provide an
>>> update on how much work has already been done for the first phase of
>>> recycling the content from the previous version of development guide and
>>> how much of it is still pending, along with an outline of any new additions
>>> they are planning to implement to their sections.
>>> 
>>> Please note that the new development guide also needs to meet ASVS
>>> standard and new OWASP numbering scheme. Therefore you need to ensure that
>>> you adhere to these guidelines and make adjustments to your sections
>>> accordingly. If in doubt, just get in touch with either me or Anurag.
>>> 
>>> 31/01/2011
>>> 
>>> Recycling the old content from previous guide.
>>> 
>>> 31/03/2010
>>> 
>>> New content development for all sections
>>> 
>>> 30/04/2011
>>> 
>>> Content review and updates.
>>> 
>>> 31/05/2011
>>> 
>>> Finishing touches to the guide (eg. initial sections and indexes etc.)
>>> 
>>> 01/06/2011
>>> 
>>> Beta release. Get comments from public and make changes.
>>> 
>>> 30/06/2011
>>> 
>>> Final release (or possibly tie it with some event to make it more
>>> visible).
>>> 
>>> We are also planning to have more frequent status meetings, possibly on a
>>> weekly basis so that the progress on the development of guide can be
>>> monitored more closely and we can have an open forum for discussions with
>>> other team members. Anurag has suggested using Skype for weekly meetings.
>>> I hope everyone would be comfortable with this. More details on this would
>>> follow shortly.
>>> 
>>> Thanks to everyone for their contributions to the guide.
>>> 
>>> Regards
>>> Vishal
>>> 
>>> _______________________________________________
>>> Owasp-guide mailing list
>>> Owasp-guide at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-guide
>>> 
>> 
> 
> 
> 
> -- 
> Vishal Garg
> 
> Linkedin: http://www.linkedin.com/in/vishalgrg
> Twitter: http://www.twitter.com/vishalgrg


