[Owasp-guide] Prioritised chapters

Paco Schiaffella schiaffella at gmail.com
Thu Mar 28 10:10:04 UTC 2013


Hi,
    I would like to join the input validation chapter too (but if a
team of two is enough for now, I would also like the output encoding
chapter).


Thanks,
Paco


2013/3/28  <Anand_Jayaraman1 at dell.com>:
> Great to see more people wanting to team up on Input Validation.
>
>
>
> Arief: Let's team up. We can start by sharing our Skype IDs
> (anand-jayaraman) or Gmail IDs (anand201301 at gmail.com) so that it is easy to
> collaborate. If you feel there are better ways, we can use that medium.
>
>
>
> Regards,
>
> Anand
>
>
>
> From: Lathifah Arief [mailto:lathifah.arief at gmail.com]
> Sent: Thursday, March 28, 2013 6:53 AM
> To: Jayaraman1, Anand
> Cc: owasp-guide at lists.owasp.org; vanderaj vanderaj; kevin.w.wall at gmail.com;
> abraham.kang at owasp.org
> Subject: Re: [Owasp-guide] Prioritised chapters
>
>
>
> Hi, I'm interested in input validation too... if you guys don't mind having
> me in the team, for sure :-)
>
> On Mar 27, 2013 2:50 PM, <Anand_Jayaraman1 at dell.com> wrote:
>
> Hi,
>
>
>
> I would like to volunteer for
>
>
>
> Input Validation
>
> http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
>
>
>
> Since I understand it is going to be a team of 3 or more per chapter, I
> would like to have some more folks to team up with.
>
>
>
> Regards,
>
> Anand
>
>
>
> From: owasp-guide-bounces at lists.owasp.org
> [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of vanderaj vanderaj
> Sent: Wednesday, March 27, 2013 8:51 AM
> To: owasp-guide at lists.owasp.org; Kevin W. Wall
> Cc: Abraham Kang
> Subject: [Owasp-guide] Prioritised chapters
>
>
>
> Hi there,
>
>
>
> I'm very pleased with the response I got privately and to this list, so
> let's get it happening without further delay. What I aim to do this time
> differently is lead the big chapters as editor, and work on some of the
> smaller chapters personally, like testing and so on.
>
>
>
> There's a lot of chapters that need writing, but we're not getting far with
> the current approach, so let's focus on delivering four core chapters first
> as group led sub-projects, and then circle around and write the next four as
> resources become available.
>
>
>
> Can folks volunteer for one of the four chapters:
>
>
>
> Authentication
>
> http://www.gaiabb.com/wiki/index.php/DG-B03-AUTHN
>
>
>
> Access Control
>
> http://www.gaiabb.com/wiki/index.php/DG-B05-AUTHZ
>
>
>
> Input Validation
>
> http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
>
>
>
> Output Encoding
>
> http://www.gaiabb.com/wiki/index.php/DG-B07-OUTENC
>
>
>
> I'd ideally like to see teams of two or three or more for each chapter.
> Let's write a draft and we'll polish and edit from there.
>
>
>
> There are specific things I want each chapter to hit. Each documented
> control should be comprehensive, concise and readable, preferably have good
> flows documented using UML swim lane diagrams and pictures, and a list of
> anti-patterns at the end.
>
>
>
> I will be holding out for a higher standard than many currently practice -
> we need to lead, not document common worst practice.
>
>
>
> For example in authentication, we will not be documenting password recovery
> using questions and answers as I firmly believe these to be a strong
> anti-pattern. In input validation, we will be using positive validation as
> the first choice right through to no validation, but we should always prefer
> positive validation. Output encoding should be encouraging the encoding of
> all non-literals, even if it's (currently) safe to not encode them. This is
> how ESAPI does it, for example.
>
>
>
> +Kevin Wall - as you requested a long time ago, let's have that G+
> discussion on the crypto chapter. I totally agree it needs to be different
> than the ASVS outline. I would like you to lead the re-development of that
> chapter, and to bring in people you feel that could help you write it to the
> standards you want to see.
>
>
>
> thanks,
>
> Andrew
>
>
> _______________________________________________
> Owasp-guide mailing list
> Owasp-guide at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-guide
>
>
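The two editorial rules Andrew sets out above, positive (allowlist) validation as the first choice and output encoding of every non-literal even where it is currently harmless, as a worked example. This is added illustration, not code from the original thread, from the Developer Guide chapters, or from ESAPI (which is Java; Python is used here only for brevity). The field names, regular expressions and the `render_profile` page fragment are hypothetical, and the sample inputs are constructed.

```python
import html
import re
from typing import Mapping

# Positive validation: each field names exactly what is acceptable.
# Input that does not match is rejected outright; nothing is "cleaned up",
# and fields the application did not ask for are rejected too.
# (Hypothetical field set and patterns for illustration.)
ALLOWLIST = {
    "username": re.compile(r"\A[a-z][a-z0-9_]{2,31}\Z"),
    # Display names legitimately contain apostrophes (O'Brien), so the
    # allowlist admits them; that is exactly why output encoding must not
    # rely on validation having removed metacharacters.
    "display_name": re.compile(r"\A[\w .'-]{1,64}\Z"),
    "page": re.compile(r"\A[1-9][0-9]{0,3}\Z"),
}


class ValidationError(ValueError):
    """Raised for any input that is not positively known to be acceptable."""


def validate(fields: Mapping[str, str]) -> dict:
    """Return a copy of `fields` containing only allowlisted, well-formed values."""
    unknown = set(fields) - set(ALLOWLIST)
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    accepted = {}
    for name, pattern in ALLOWLIST.items():
        value = fields.get(name)
        if value is None:
            raise ValidationError(f"missing field: {name}")
        # fullmatch plus \A...\Z anchors: the whole value must match,
        # so a trailing newline or embedded tag cannot slip past.
        if not pattern.fullmatch(value):
            raise ValidationError(f"field {name!r} rejected")
        accepted[name] = value
    return accepted


def encode_html(value: str) -> str:
    """HTML-encode for element body and quoted attribute contexts.

    quote=True also encodes ' and ", so the same encoder is safe inside
    double-quoted attributes as well as in element text.
    """
    return html.escape(value, quote=True)


def render_profile(fields: Mapping[str, str]) -> str:
    """Validate, then encode every non-literal before it reaches the page.

    Note that `page` is digits-only after validation and `username` is
    lower-case alphanumerics, so encoding them changes nothing today;
    they are encoded anyway, which is the "encode all non-literals" rule:
    the output layer must not depend on what the input layer happened to allow.
    """
    v = validate(fields)
    return (
        f'<div class="profile" data-user="{encode_html(v["username"])}">'
        f'<h1>{encode_html(v["display_name"])}</h1>'
        f'<a href="?page={encode_html(v["page"])}">next</a>'
        "</div>"
    )


if __name__ == "__main__":
    # Constructed sample requests.
    good = {"username": "alice", "display_name": "O'Brien", "page": "2"}
    print(render_profile(good))
    for bad in (
        {"username": "alice", "display_name": "<b>x</b>", "page": "2"},  # not allowlisted
        {"username": "alice", "display_name": "Bob", "page": "2", "role": "admin"},  # extra field
        {"username": "alice", "display_name": "Bob", "page": "2\n"},  # trailing newline
    ):
        try:
            render_profile(bad)
        except ValidationError as e:
            print("rejected:", e)
```

Running it shows the apostrophe in `O'Brien` leaving the validator untouched and arriving in the page as `&#x27;`, while the three rejected requests never reach the output layer at all. The split is deliberate: validation decides what the application is willing to process, encoding decides how any value is made inert in a given output context, and neither is allowed to assume the other has done its job.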

