[Owasp-guide] [GPC-Mailbox] Re: Proposal and discussion of draft Developer Guide 2013 ToC

Chris Schmidt chris.schmidt at owasp.org
Fri May 11 15:38:10 UTC 2012

Andrew - this is fantastic work, and *a lot* of it!

Obviously I will be more than happy to assist on the ESAPI portions of
this project. Additionally, have you ever used Confluence? I think this
is a superb use-case for using a more feature-laden document management
application (wiki ++ if you will).

Confluence is free for Open Source projects - I have acquired one
already for ESAPI and will hopefully be migrating the documentation to
it soon - I would be more than happy to help you secure an instance for
the Development Guide as well. The other nice bit is that the instances
can either be hosted *or* standalone and both are free. Also, exporting
as an eBook is a single button click - which is extremely nice.

Let me know if you want to look at or talk about doing this before the
project really gets underway.


On 5/11/2012 8:59 AM, William E. T. wrote:
> I also like OWASP Developer Guide 2013.
> I'd like to volunteer to help write documentation, but I'm not sure I
> am enough of an expert to do a chapter by myself, so could I please be
> assigned to a larger chapter with at least one other person?
> Thanks,
> Bill Triest
> On Thu, May 10, 2012 at 11:52 PM, Andrew van der Stock
> <vanderaj at owasp.org> wrote:
>     Hi folks,
>     *Please review*
>     Can you please look over this ToC
>     http://code.google.com/p/owasp-development-guide/wiki/ProjectManagement_Assignments
>     Let's start discussing what should be in and out of the Guide. I'm
>     going deliberately for inclusiveness as if it's not in the
>     Developer Guide, where will it be? However, I'm willing to be
>     convinced if you have stronger arguments than mine. 
>     The numbering scheme is the (stalled) OWASP Common Numbering
>     Scheme. It's time for that to be completed, so I've cc'd Dave
>     Wichers, the project leader for that effort. I want to ensure that
>     we are very strongly aligned with the ASVS <- Developer Guide <->
>     Testing Guide <-> Code Review Guide, because this time around we
>     will not be discussing how to do code reviews and how to test
>     except to point to those other texts. 
>     *Claim your chapters*
>     I'd like for folks to start claiming chapters here (first post
>     wins!) where a chapter is DG-MAJOR and not just a sub-section. For
>     longer chapters (those likely to have more than six patterns), I
>     want at least two and preferably four or five folks to work together. 
>     *Title*
>     I'd like to nut out the title for the next release. Can you
>     please indicate your preferred name for the next release:
>     OWASP Developer Guide 2013 <-- mine
>     OWASP Developer Guide 4.0 <-- timeless
>     OWASP Developer Guide 3.0 
>     That's my preferred order. The main reason for not using 3.0 is
>     that we've had two shots at that version now, and I honestly think
>     it's time to increment to 4.0. 
>     The 10th anniversary of the Guide is next month. I'm going to try
>     and have a surprise for that. However, this project should not
>     lose sight of the 2013 goal. For that reason, I'd like for us to
>     be ready to release no later than OWASP AppSec US in Northern
>     hemisphere fall 2013, but preferably by AppSec EU next year. 
>     *Rebirth as a ready to use textbook, education piece*
>     In other news, I had a lovely dinner with the delightful Laura
>     Bell, who got me thinking about how best to make use of the Guide. 
>     I'd like for the Developer Guide to be immediately useful as a
>     K11-12 / first year University text book. This means I'd like to
>     work with the OWASP Education project on simultaneously updating
>     my two day deck into a 15 or 16 week deck and exercises and labs
>     that teachers and lecturers can use either directly with WebGoat
>     or directly with the deck we provide. We really need to start
>     educating the next generation behind us to prevent security being
>     a forgotten art. Once that's done, it's easy enough to create a
>     dense 2 or 3 day deck for trainers to deliver to organisations and
>     businesses, with the Developer Guide as being the lecture text and
>     the next version of ASVS as the two-three day text. 
>     Whilst we will be developing this in the Wiki and that's how I
>     tend to use OWASP materials today, I am happy to create a final
>     PDF and an iBook download for the OWASP website, and possibly work
>     with a publisher to get the Developer Guide prepared for print
>     publication. Personally, I think having a freely downloadable
>     version on our website, and in iTunes U along with someone
>     teaching the materials on screen (look for CS 193P for what I have
>     in mind) will be the lowest barrier to entry. I'm not convinced
>     that dead tree printing is the best today, but I have a Kindle and
>     an iPad, so I'm biased.  
>     Thoughts?
>     thanks,
>     Andrew