[Owasp-guide] Fwd: Proposal and discussion of draft Developer Guide 2013 ToC

Mylene mylenereiners at gmail.com
Sat May 12 06:54:51 UTC 2012

Hi all,

I'm an architect, would love to help on that chapter, but I've programmed
for over 23 years also - so I could help out with lots of "practical"
chapters - my primary interests are in test (programmer/unit/security
tests) and everything from setting up projects to version control,
continuous everything (performance testing, integration, deployment etc.).

And I guess the re"numbering" to 2013 is a great idea.

Thanks for taking this up again...


On Fri, May 11, 2012 at 11:01 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:

> Probably should have sent this to the list, but it was late and typing on a
> phone is somewhat of a pain.
> Anyhow, does anyone care to collaborate with me on either the cryptography or
> ESAPI sections of the dev guide? Not sure if I have time to do them alone.
> -kevin
> ---------- Forwarded message ----------
> From: Kevin W. Wall <kevin.w.wall at gmail.com>
> Date: Fri, May 11, 2012 at 12:58 AM
> Subject: Re: [Owasp-guide] Proposal and discussion of draft Developer
> Guide 2013 ToC
> To: Andrew van der Stock <vanderaj at owasp.org>
> Andrew,
> I will help on at least one (& maybe both) of these sections:
> Cryptography
> I could take the lead but am hesitant to do so b/c of commitments as
> an OWASP GSoC mentor helping on AppSensor. It's too early to tell how
> much commitment that will take as we are only starting on it, but I
> was told to expect 10-20 hrs/wk.
> -kevin
> Sent from my Droid; please excuse typos.
> On May 10, 2012 11:54 PM, "Andrew van der Stock" <vanderaj at owasp.org>
> wrote:
> >
> > Hi folks,
> >
> > Please review
> >
> > Can you please look over this ToC
> >
> >
> http://code.google.com/p/owasp-development-guide/wiki/ProjectManagement_Assignments
> >
> > Let's start discussing what should be in and out of the Guide. I'm going
> deliberately for inclusiveness as if it's not in the Developer Guide, where
> will it be? However, I'm willing to be convinced if you have stronger
> arguments than mine.
> >
> > The numbering scheme is the (stalled) OWASP Common Numbering Scheme.
> It's time for that to be completed, so I've cc'd Dave Wichers, the project
> leader for that effort. I want to ensure that we are very strongly aligned
> with the ASVS <- Developer Guide <-> Testing Guide <-> Code Review Guide,
> because this time around we will not be discussing how to do code reviews
> and how to test except to point to those other texts.
> >
> > Claim your chapters
> >
> > I'd like for folks to start claiming chapters here (first post wins!)
> where a chapter is DG-MAJOR and not just a sub-section. For longer chapters
> (those likely to have more than six patterns), I want at least two and
> preferably four or five folks to work together.
> >
> > Title
> >
> > I'd like to nut out the title for the next release. Can you please
> indicate your preferred name for the next release:
> >
> > OWASP Developer Guide 2013 <-- mine
> > OWASP Developer Guide 4.0 <-- timeless
> > OWASP Developer Guide 3.0
> >
> > That's my preferred order. The main reason for not using 3.0 is that
> we've had two shots at that version now, and I honestly think it's time to
> increment to 4.0.
> >
> > The 10th anniversary of the Guide is next month. I'm going to try and
> have a surprise for that. However, this project should not lose sight of
> the 2013 goal. For that reason, I'd like for us to be ready to release at
> no later than OWASP AppSec US in Northern hemisphere fall 2013, but
> preferably by AppSec EU next year.
> >
> > Rebirth as a ready to use textbook, education piece
> >
> > In other news, I had a lovely dinner with the delightful Laura Bell, who
> got me thinking about how best to make use of the Guide.
> >
> > I'd like for the Developer Guide to be immediately useful as a K11-12 /
> first year University text book. This means I'd like to work with the OWASP
> Education project on simultaneously updating my two day deck into a 15 or
> 16 week deck and exercises and labs that teachers and lecturers can use
> either directly with WebGoat or directly with the deck we provide. We
> really need to start educating the next generation behind us to prevent
> security being a forgotten art. Once that's done, it's easy enough to
> create a dense 2 or 3 day deck for trainers to deliver to organisations and
> businesses, with the Developer Guide as being the lecture text and the next
> version of ASVS as the two-three day text.
> >
> > Whilst we will be developing this in the Wiki and that's how I tend to
> use OWASP materials today, I am happy to create a final PDF and an iBook
> download for the OWASP website, and possibly work with a publisher to get
> the Developer Guide prepared for print publication. Personally, I think
> having a freely downloadable version on our website, and in iTunes U along
> with someone teaching the materials on screen (look for CS 193P for what I
> have in mind) will be the lowest barrier to entry. I'm not convinced that
> dead tree printing is the best today, but I have a Kindle and an iPad, so
> I'm biased.
> >
> > Thoughts?
> >
> > thanks,
> > Andrew
> >
> > _______________________________________________
> > Owasp-guide mailing list
> > Owasp-guide at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-guide
> >
> --
> Blog: http://off-the-wall-security.blogspot.com/
> "The most likely way for the world to be destroyed, most experts agree,
> is by accident. That's where we come in; we're computer professionals.
> We *cause* accidents."        -- Nathaniel Borenstein