[Owasp-guide] Prioritised chapters

Brad Andrews andrews at rbacomm.com
Thu Mar 28 23:00:58 UTC 2013


I would be interested in helping review and edit any sections that want another pair of somewhat experienced eyes.  I am not ready to be the main writer, though I could step up if we have a serious hole.

From: Tom Stripling 
Sent: Thursday, March 28, 2013 2:32 PM
To: Paco Schiaffella 
Cc: owasp-guide at lists.owasp.org 
Subject: Re: [Owasp-guide] Prioritised chapters

I can also help with editing, if needed.




On Thu, Mar 28, 2013 at 8:15 AM, Tom Stripling <tstripling at gmail.com> wrote:

  I'd like to work on output encoding as well.


  Tom




  On Thu, Mar 28, 2013 at 5:10 AM, Paco Schiaffella <schiaffella at gmail.com> wrote:

    Hi,
        I would like to join the input validation chapter too. (But if a
    team of two is enough for now, I also like the output encoding
    chapter.)


    Thanks,
    Paco


    2013/3/28  <Anand_Jayaraman1 at dell.com>:

    > Great to see more people wanting to team up on Input Validation.
    >
    >
    >
    > Arief: Let's team up. We can start by sharing our Skype IDs
    > (anand-jayaraman) or Gmail IDs (anand201301 at gmail.com) so that it is easy to
    > collaborate. If you feel there are better ways, we can use that medium.
    >
    >
    >
    > Regards,
    >
    > Anand
    >
    >
    >
    > From: Lathifah Arief [mailto:lathifah.arief at gmail.com]
    > Sent: Thursday, March 28, 2013 6:53 AM
    > To: Jayaraman1, Anand
    > Cc: owasp-guide at lists.owasp.org; vanderaj vanderaj; kevin.w.wall at gmail.com;
    > abraham.kang at owasp.org
    > Subject: Re: [Owasp-guide] Prioritised chapters
    >
    >
    >
    > Hi, I'm interested in input validation too... if you guys don't mind having
    > me on the team, for sure :-)
    >
    > On Mar 27, 2013 2:50 PM, <Anand_Jayaraman1 at dell.com> wrote:
    >
    > Hi,
    >
    >
    >
    > I would like to volunteer for
    >
    >
    >
    > Input Validation
    >
    > http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
    >
    >
    >
    > Since I understand it is going to be a team of 3 or more per chapter, I
    > would like to have some more folks to team up with.
    >
    >
    >
    > Regards,
    >
    > Anand
    >
    >
    >
    > From: owasp-guide-bounces at lists.owasp.org
    > [mailto:owasp-guide-bounces at lists.owasp.org] On Behalf Of vanderaj vanderaj
    > Sent: Wednesday, March 27, 2013 8:51 AM
    > To: owasp-guide at lists.owasp.org; Kevin W. Wall
    > Cc: Abraham Kang
    > Subject: [Owasp-guide] Prioritised chapters
    >
    >
    >
    > Hi there,
    >
    >
    >
    > I'm very pleased with the response I got privately and to this list, so
    > let's get it happening without further delay. What I aim to do this time
    > differently is lead the big chapters as editor, and work on some of the
    > smaller chapters personally, like testing and so on.
    >
    >
    >
    > There are a lot of chapters that need writing, but we're not getting far with
    > the current approach, so let's focus on delivering four core chapters first
    > as group-led sub-projects, and then circle around and write the next four as
    > resources become available.
    >
    >
    >
    > Can folks volunteer for one of the four chapters:
    >
    >
    >
    > Authentication
    >
    > http://www.gaiabb.com/wiki/index.php/DG-B03-AUTHN
    >
    >
    >
    > Access Control
    >
    > http://www.gaiabb.com/wiki/index.php/DG-B05-AUTHZ
    >
    >
    >
    > Input Validation
    >
    > http://www.gaiabb.com/wiki/index.php/DG-B06-INPVAL
    >
    >
    >
    > Output Encoding
    >
    > http://www.gaiabb.com/wiki/index.php/DG-B07-OUTENC
    >
    >
    >
    > I'd ideally like to see teams of two or three or more for each chapter.
    > Let's write a draft and we'll polish and edit from there.
    >
    >
    >
    > There are specific things I want each chapter to hit. Each documented
    > control should be comprehensive, concise and readable, preferably have good
    > flows documented using UML swim lane diagrams and pictures, and a list of
    > anti-patterns at the end.
    >
    >
    >
    > I will be holding out for a higher standard than many currently practice -
    > we need to lead, not document common worst practice.
    >
    >
    >
    > For example in authentication, we will not be documenting password recovery
    > using questions and answers as I firmly believe these to be a strong
    > anti-pattern. In input validation, we will be using positive validation as
    > the first choice right through to no validation, but we should always prefer
    > positive validation. Output encoding should be encouraging the encoding of
    > all non-literals, even if it's (currently) safe to not encode them. This is
    > how ESAPI does it, for example.
    >
    >
    >
    > +Kevin Wall - as you requested a long time ago, let's have that G+
    > discussion on the crypto chapter. I totally agree it needs to be different
    > than the ASVS outline. I would like you to lead the re-development of that
    > chapter, and to bring in people you feel that could help you write it to the
    > standards you want to see.
    >
    >
    >
    > thanks,
    >
    > Andrew
    >
    >
    > _______________________________________________
    > Owasp-guide mailing list
    > Owasp-guide at lists.owasp.org
    > https://lists.owasp.org/mailman/listinfo/owasp-guide
    >


--------------------------------

R. Bradley Andrews
andrews at rbacomm.com
CISSP, CSSLP, CISM