[Owasp-guide] Owasp-guide Digest, Vol 30, Issue 1

Vishal Garg vishalgrg at gmail.com
Wed Dec 15 03:04:15 EST 2010


Theo, I will have to find this out for you. Give me some time, I'll find out
and come back to you.

Regards
Vishal

On Tue, Dec 14, 2010 at 10:11 AM, Theo van Niekerk <theovn.list at gmail.com> wrote:

> Hi Vishal, Abe
>
>
> Yes, if we can just rollback to the previous version - how do you do that
> anyways?
> Once that is done I will then dissect it into pieces according to the ASVS
> structure.
> There is also a section on the wiki under Input Validation that needs to be
> pulled over.
>
> Abe, maybe you can copy your content onto a temporary scratch-patch page so
> that we don't lose it?
>
>
> Regards
> Theo
>
>
> On 14 Dec 2010, at 00:28, Vishal Garg wrote:
>
> > Hi Abe,
> >
> > I had looked at the Wiki over the weekend and analysed the changes made by
> > you. I really like your enthusiasm in creating all the great content, but at
> > the same time, we also have to understand that creating the guide is a
> > collaborative effort where hard work from a lot of volunteers is involved.
> > Therefore we all need to follow some rules to respect each other's time and
> > effort and to achieve meaningful results from everyone else's efforts.
> >
> > During my analysis, I found that you had replaced the old content with the
> > new content of your own, which means that the work done by someone else has
> > all been wasted. Also if everyone kept doing this, we would not be able to
> > achieve anything from this effort. Therefore could you please go back and
> > roll back all the changes you made to the wiki and retain all the old
> > content. Also I would suggest you follow the ASVS guidelines and
> > structure and put your content at the appropriate place so that your efforts
> > and hard work are also not wasted.
> >
> > Please let me know if you have any queries or doubts and I'll do my best to
> > resolve them.
> >
> > Regards
> > Vishal
> >
> >
> > On Sat, Dec 11, 2010 at 6:29 AM, Abe <abek1 at comcast.net> wrote:
> >
> >> Theo,
> >>
> >> When I came home today, I was having a rough day at work.  My gut instinct
> >> was to apologize as I tend to try and take responsibility and be held
> >> accountable (sometimes without thinking).
> >>
> >> Prior to submitting the chapter that I wrote, the OWASP Guide for OWASP-0600
> >> Output Encoding/Escaping contained the Interpreter Injection chapter copied
> >> verbatim from the OWASP Web Application Guide 2.0.
> >>
> >> I do not think any of the Interpreter Injection chapter is related to proper
> >> output encoding and still do not think it applies.  Replacing the current
> >> chapter with the Interpreter Injection chapter is not the right thing to do.
> >>
> >> As to following the ASVS. When writing, information should be presented in a
> >> clear, concise, and logical manner.  We are writing a book after all.  If
> >> you read the chapter that I wrote, all of the items under OWASP-0600 to
> >> OWASP-0610 Output Encoding/Escaping are covered.
> >>
> >> Again proper output encoding is something that I am still actively doing
> >> research on. I want to make sure that if I am wrong about anything, the
> >> reader can correct me and let me know where I made my mistake.  I am going
> >> to take out my email before we go GA.
> >>
> >> To be honest, I was a bit frustrated at the pace at which the guide and our
> >> chapter was moving, so I took the initiative to go ahead and write the
> >> chapter.
> >>
> >>
> >>
> >> "Lead, follow, or get out of the way."  --Thomas Paine
> >>
> >>
> >>
> >> Regards,
> >> Abe
> >>
> >>
> >> -----Original Message-----
> >> From: Theo Van Niekerk [mailto:theovn.list at gmail.com]
> >> Sent: Thursday, December 09, 2010 11:52 PM
> >> To: Abe
> >> Cc: owasp-guide at lists.owasp.org
> >> Subject: Re: [Owasp-guide] Owasp-guide Digest, Vol 30, Issue 1
> >>
> >> Hi Abe
> >>
> >> I'm afraid that you have jumped the gun.
> >>
> >> Vishal's schedule (see below your email) states to recycle old content -
> >> which I believe is still very valid - by the end of Jan 2011.
> >> Thereafter a collaborative approach will be followed to develop new content.
> >> It will then be reviewed and updated.
> >>
> >> Quite frankly I do not appreciate that you merrily jump in, remove the
> >> recycled content originating from the old guide, and replace it with yours.
> >> Also, what's with the "Good luck and email me (abraham.kang at owasp.org)
> >> with any questions."?
> >>
> >> Regarding the content you have created, I see it as valuable but it would
> >> have to be aligned with the ASVS. I think it is too complex for an
> >> introduction and should rather reside in a subsection of the future
> >> document.
> >>
> >> Can you please rollback to the previous version?
> >>
> >> Thanks
> >> Theo
> >>
> >>
> >>
> >> On 07 Dec 2010, at 20:02, Abe wrote:
> >>
> >>> Hi Vishal,
> >>>
> >>> Material from the previous version didn't really match so wrote a new
> >>> chapter outright.
> >>>
> >>> Output Encoding
> >>>
> >>> Regards,
> >>> Abe
> >>>
> >>> -----Original Message-----
> >>> From: owasp-guide-bounces at lists.owasp.org
> >>> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of
> >>> owasp-guide-request at lists.owasp.org
> >>> Sent: Tuesday, December 07, 2010 9:00 AM
> >>> To: owasp-guide at lists.owasp.org
> >>> Subject: Owasp-guide Digest, Vol 30, Issue 1
> >>>
> >>> Send Owasp-guide mailing list submissions to
> >>>      owasp-guide at lists.owasp.org
> >>>
> >>> To subscribe or unsubscribe via the World Wide Web, visit
> >>>      https://lists.owasp.org/mailman/listinfo/owasp-guide
> >>> or, via email, send a message with subject or body 'help' to
> >>>      owasp-guide-request at lists.owasp.org
> >>>
> >>> You can reach the person managing the list at
> >>>      owasp-guide-owner at lists.owasp.org
> >>>
> >>> When replying, please edit your Subject line so it is more specific
> >>> than "Re: Contents of Owasp-guide digest..."
> >>>
> >>>
> >>> Today's Topics:
> >>>
> >>>  1. [OWASP-Guide] Schedule for dev guide (Vishal Garg)
> >>>
> >>>
> >>> ----------------------------------------------------------------------
> >>>
> >>> Message: 1
> >>> Date: Mon, 6 Dec 2010 21:57:08 +0000
> >>> From: Vishal Garg <vishalgrg at gmail.com>
> >>> Subject: [Owasp-guide] [OWASP-Guide] Schedule for dev guide
> >>> To: owasp-guide at lists.owasp.org
> >>> Message-ID:
> >>>      <AANLkTi=wV71qetsDEFz=5nY6ZSUnBAzcOezLJTthHJzE at mail.gmail.com>
> >>> Content-Type: text/plain; charset="iso-8859-1"
> >>>
> >>> Hi All,
> >>>
> >>> After having a discussion with Anurag, we have come up with the following
> >>> schedule for the new dev guide. Could all section leads please provide an
> >>> update on how much work has already been done for the first phase of
> >>> recycling the content from the previous version of development guide and how
> >>> much of it is still pending, along with an outline of any new additions they
> >>> are planning to implement to their sections.
> >>>
> >>> Please note that the new development guide also needs to meet ASVS standard
> >>> and new OWASP numbering scheme. Therefore you need to ensure that you adhere
> >>> to these guidelines and make adjustments to your sections accordingly. If in
> >>> doubt, just get in touch with either me or Anurag.
> >>>
> >>> 31/01/2011
> >>>
> >>> Recycling the old content from previous guide.
> >>>
> >>> 31/03/2010
> >>>
> >>> New content development for all sections
> >>>
> >>> 30/04/2011
> >>>
> >>> Content review and updates.
> >>>
> >>> 31/05/2011
> >>>
> >>> Finishing touches to the guide (eg. initial sections and indexes etc.)
> >>>
> >>> 01/06/2011
> >>>
> >>> Beta release. Get comments from public and make changes.
> >>>
> >>> 30/06/2011
> >>>
> >>> Final release (or possibly tie it with some event to make it more visible).
> >>>
> >>> We are also planning to have more frequent status meetings, possibly on a
> >>> weekly basis so that the progress on the development of guide can be
> >>> monitored more closely and we can have an open forum for discussions with
> >>> other team members. Anurag has suggested using Skype for weekly meetings. I
> >>> hope everyone would be comfortable with this. More details on this would
> >>> follow shortly.
> >>>
> >>> Thanks to everyone for their contributions to the guide.
> >>>
> >>> Regards
> >>> Vishal
> >>> ------------------------------
> >>>
> >>> _______________________________________________
> >>> Owasp-guide mailing list
> >>> Owasp-guide at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-guide
> >>>
> >>>
> >>> End of Owasp-guide Digest, Vol 30, Issue 1
> >>> ******************************************
> >>>
> >>
> >
> >
> >
> > --
> > Vishal Garg
> >
> > Linkedin: http://www.linkedin.com/in/vishalgrg
> > Twitter: http://www.twitter.com/vishalgrg
>
>


-- 
Vishal Garg

Linkedin: http://www.linkedin.com/in/vishalgrg
Twitter: http://www.twitter.com/vishalgrg