[Owasp-guide] References in the DevGuide
Andrew van der Stock
vanderaj at owasp.org
Thu Jul 3 05:21:52 UTC 2014
Agreed - cites to Wikipedia as a general source of information are fine as
long as it's done with care. If there's a problem with the same content at
OWASP, to me that's a gap that should be identified and notified to the
leaders list to get fixed. We might do the fixing, but many of the pages as
you note are either missing, too technical or don't hit the right note.
Let's get owasp.org right whilst we notice these things, otherwise OWASP
will eventually descend into irrelevance.
On Thu, Jul 3, 2014 at 2:43 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Actually, so far, I've been pretty impressed by the quality of the
> crypto-related materials on
> Wikipedia. In general, they are accurate, complete, and for the most
> part, approachable.
> Certainly there are exceptions. And of course the biggest risk is that
> they can be edited
> by anyone who is pretty much clueless.
> By contrast, OWASP is exceptionally weak in this area and most of the
> academic papers
> on the subject are beyond the comprehension of the casual developer or
> security person.
> I even struggle with many of them and have to read and re-read them a
> few times until
> I get the gist of it. And I just don't think anyone but a diehard
> crypto person would ever
> read most of those papers because many of them are dense and laden with
> that would make the average Joe Developer's head spin.
> So that's why I try to reference good books when possible. E.g., I find the
> _Handbook of Applied Cryptography_ by Menezes, et al to be quite
> an a version of it is online to boot.
> OTOH, here's what I currently have for my references:
> * http://www.keylength.com/
> * Alfred Menezes, Paul van Oorschot, Scott Vanstone, Handbook of
> Applied Cryptography, 1997, CRC Press, ISBN 0-8493-8523-7. (Online:
> * NIST Special Publications 800-57, Recommendation for Key Management
> – Part 1: General (Revision 3). (Online:
> * ENISA (editor: Nigel P. Smart), Algorithms, Key Sizes, and
> Parameters Report: 2013 Recommendations,
> * Niels Ferguson, Bruce Schneier, Tadayoshi Kohno, Cryptography
> Engineering: Design Principles and Practical Applications, 2010, Wiley
> Publishing Inc, ISBN 978-0-470-47424-2.
> BTW, you never responded to my email about the "path" that we use for
> embedding images?
> I see the 'images' directory, but do we use "/images/img.png" or
> "file://images/img.png" or
> "file:images/img.png" or what?
> On Wed, Jul 2, 2014 at 11:55 PM, Andrew van der Stock
> <vanderaj at owasp.org> wrote:
> > Hi folks,
> > When writing new chapters, I don't mind references to Wikipedia, but
> > reference primary sources (such as academic papers, blogs, etc, and
> > links to OWASP first, and Wikipedia last. The OWASP Wiki should be the
> > canonical application security body of knowledge. Wikipedia is a good
> > general source of information, but is not a primary source.
> > For more information about citing Wikipedia, please review this blog post
> > from Thesis Whisperer (which is an excellent research blog for those who
> > are doing their masters or PhD dissertations).
> > http://thesiswhisperer.com/2011/05/05/what-the-wiki/
> > If there's a gap at OWASP, let's talk about the gap as we need the
> > wiki to be complete.
> > Again, I don't mind linking to Wikipedia with care, but I want us to be a
> > primary source and to reference other primary sources before referencing
> > general purpose reference.
> > thanks,
> > Andrew
> Blog: http://off-the-wall-security.blogspot.com/
> NSA: All your crypto bit are belong to us.