[Owasp-guide] Prioritised chapters

Lathifah Arief lathifah.arief at gmail.com
Thu Mar 28 01:23:10 UTC 2013


Hi, I'm interested in input validation too... if you guys don't mind having
me on the team, for sure :-)
On Mar 27, 2013 2:50 PM, <Anand_Jayaraman1 at dell.com> wrote:

> Hi,
>
> I would like to volunteer for
>
> Input Validation
>
> http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
>
> Since I understand it is going to be a team of 3 or more per chapter, I
> would like to have some more folks to team up with.
>
> Regards,
>
> Anand
>
>
> From: owasp-guide-bounces at lists.owasp.org [mailto:
> owasp-guide-bounces at lists.owasp.org] On Behalf Of vanderaj vanderaj
> Sent: Wednesday, March 27, 2013 8:51 AM
> To: owasp-guide at lists.owasp.org; Kevin W. Wall
> Cc: Abraham Kang
> Subject: [Owasp-guide] Prioritised chapters
>
> Hi there,
>
> I'm very pleased with the response I got privately and to this list, so
> let's get it happening without further delay. What I aim to do this time
> differently is lead the big chapters as editor, and work on some of the
> smaller chapters personally, like testing and so on.
>
> There's a lot of chapters that need writing, but we're not getting far
> with the current approach, so let's focus on delivering four core chapters
> first as group led sub-projects, and then circle around and write the next
> four as resources become available.
>
> Can folks volunteer for one of the four chapters:
>
> Authentication
>
> http://www.gaiabb.com/wiki/index.php/DG-B03-AUTHN
>
> Access Control
>
> http://www.gaiabb.com/wiki/index.php/DG-B05-AUTHZ
>
> Input Validation
>
> http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
>
> Output Encoding
>
> http://www.gaiabb.com/wiki/index.php/DG-B07-OUTENC
>
> I'd ideally like to see teams of two or three or more for each chapter.
> Let's write a draft and we'll polish and edit from there.
>
> There are specific things I want each chapter to hit. Each documented
> control should be comprehensive, concise and readable, preferably have good
> flows documented using UML swim lane diagrams and pictures, and a list of
> anti-patterns at the end.
>
> I will be holding out for a higher standard than many currently practice -
> we need to lead, not document common worst practice.
>
> For example in authentication, we will not be documenting password
> recovery using questions and answers as I firmly believe these to be a
> strong anti-pattern. In input validation, we will be using positive
> validation as the first choice right through to no validation, but we
> should always prefer positive validation. Output encoding should be
> encouraging the encoding of all non-literals, even if it's (currently) safe
> to not encode them. This is how ESAPI does it, for example.
>
> +Kevin Wall - as you requested a long time ago, let's have that G+
> discussion on the crypto chapter. I totally agree it needs to be different
> than the ASVS outline. I would like you to lead the re-development of that
> chapter, and to bring in people you feel that could help you write it to
> the standards you want to see.
>
> thanks,
>
> Andrew
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
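As an added illustration of the two preferences Andrew states in the quoted message above (positive validation as the first choice, and encoding of every non-literal even when it currently looks safe), here is a small Python sketch. It is not code from the Guide, from ESAPI or from anyone in this thread; the per-field rules, the `{name}` template syntax and the sample values are constructed assumptions.

```python
import html
import re
import unicodedata

# Positive (allow-list) rules per field: a value is accepted only if it
# matches the rule. Constructed for this example, not the Guide's rules.
RULES = {
    "username": re.compile(r"\A[A-Za-z0-9_]{3,32}\Z"),
    "postcode": re.compile(r"\A[0-9]{4,5}\Z"),
    "comment": re.compile(r"\A[\w .,!?'-]{1,500}\Z"),
}


class ValidationError(ValueError):
    pass


def validate(field: str, value: str) -> str:
    """Positive validation: accept only what a rule explicitly allows.
    A field with no rule is rejected rather than passed through."""
    rule = RULES.get(field)
    if rule is None:
        raise ValidationError(f"no validation rule for field {field!r}")
    # Normalise first so look-alike code points (e.g. fullwidth letters)
    # are folded before the rule is applied, not smuggled past it.
    value = unicodedata.normalize("NFKC", value)
    if not rule.fullmatch(value):
        raise ValidationError(f"{field!r} rejected by positive validation")
    return value


def is_valid(field: str, value: str) -> bool:
    try:
        validate(field, value)
        return True
    except ValidationError:
        return False


_PLACEHOLDER = re.compile(r"\{(\w+)\}")


def render(template: str, **values: str) -> str:
    """Encode every non-literal: only the template text itself is emitted
    as-is; every substituted value is HTML-encoded, whether or not it
    contains anything that would need encoding today."""
    def encode(match: re.Match) -> str:
        return html.escape(values[match.group(1)], quote=True)
    return _PLACEHOLDER.sub(encode, template)
```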