[Owasp-guide] OWASP Developer Guide 3.0 Reboot
Andrew van der Stock
vanderaj at owasp.org
Wed Apr 25 11:39:07 UTC 2012
A few weeks ago, I was asked to reboot the OWASP Developer Guide project. I've been in deep thought on the matter, as unless you've written a book, and in particular this one, you have no idea what sort of toll it has on your personal life.
As Vishal has not posted for > 12 months, and didn't respond to Paulo in July last year, the project would currently be classed as inactive. The Guide 2.0 is approaching its seventh birthday, so it's time to reboot it as that's more than 100 Internet years.
* The Developer Guide will be revamped to be only about leading practice for architects and builders. This should make it shorter, or at least more focused.
* Examples will use ESAPI and PHP first, and other languages / frameworks second. Primarily because that will force me to finish the ESAPI for PHP project. From there, it's trivial to port to other languages and frameworks.
* All advice on how to test or review code will be removed / donated to those projects.
* ASVS aimed to be the initial 80% that gets you started. The Developer Guide will aim for close to 100% coverage of the current landscape, including fads like big data, cloud, and Ajax (which are really the same thing as we previously documented).
As there's been some progress on the 3.0, I will take some time to review existing changes to material and outline, and work to bring them into line with OWASP ASVS and the common numbering standard. Once that's done, I'll open up chapter allocations to contributors.
Let's get 'er done by the end of the year. This is entirely possible, particularly if I can have some helpers.
Do you folks mind if I take the reins again?
As a quick show of hands, who is available to help with the effort?