[Owasp-leaders] [Owasp-guide] cheat sheets and the development guide

Dave Wichers dave.wichers at owasp.org
Thu Apr 1 08:33:29 EDT 2010

They were originally launched with the XSS cheat sheet and I found it useful
enough to create the SQL Injection cheat sheet. Then, when I was working on
the Top 10, I thought it would be great to have 1 per Top 10 item, so I've
encouraged the creation of more, and we now have about 5-6 of them. Some
topics are far too broad for a cheat sheet so getting to 10 probably won't
make sense. The Top 10 only has room for 1 page per top 10 item which isn't
very much so the cheat sheets allow me to provide more details on these
subjects in the Top 10 by reference, rather than direct inclusion.


I agree that the content is related to the Guide. My thoughts on the cheat
sheets were that they should be as short as they reasonably can be, in order
to serve as a quick reference, and that the guide would provide far more
detailed information. I could certainly imagine some of the deeper details
moving from the cheat sheets into the Guide in order to shorten the cheat
sheets/make them more concise, but I do think there is a benefit to having
them separate as quick references. The guide should certainly refer to them
as well, I would think.




From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Wednesday, March 31, 2010 4:34 PM
To: Boberski, Michael [USA]
Cc: owasp-guide at lists.owasp.org; Kevin W. Wall;
owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] [Owasp-guide] cheat sheets and the development


I believe they are an accompaniment for the top 10, or were intended to be?
We could put them all together in an appendix?

On Mar 31, 2010 7:11 p.m., "Boberski, Michael [USA]"
<boberski_michael at bah.com> wrote:

I would propose putting it here, with a note about proposing its inclusion
in ASVS and across future guides:


The glossaries across docs should be the same. This next rev of the dev
guide will undoubtedly prompt changes to ASVS, this would be an example of a
change to its copy of a glossary.

I would like to see the next rev of ASVS driven by next revs of the
development and other guides, it's a pretty good argument for change if
there's a chapter of explanation about something, but that is something the
ASVS project has not explored yet in great detail.


Mike B.

-----Original Message----- From: owasp-guide-bounces at lists.owasp.org
[mailto:owasp-guide-bounces at l...
