[Owasp-leaders] More cheating

Jim Manico jim.manico at owasp.org
Sun Aug 14 08:38:01 EDT 2011


An "input validation cheat-sheet" in general would be a huge win.
Love it! If you send me your outline I'll iterate with you. I'd like
to see the tough stuff like canonicalization, char-set normalization,
file-upload input file validation, and some of the tough edge cases
when validating for redirect features in there.

We can "cheat" and still cover the tough topics. Cool, "The Irish Guy"?

Aloha,

--
Jim Manico

VP Security Architecture
WhiteHat Security, Inc
(808) 652-3805
jim.manico at whitehatsec.com
www.whitehatsec.com

On Aug 14, 2011, at 8:32 AM, Eoin Keary <eoinkeary at gmail.com> wrote:

> Far from being ambitious, but cheat sheets for input validation for the most popular frameworks would be compelling?
> I have some Struts stuff done already in the code review guide, but it needs to be re-jigged a little to reflect cheat sheet convention.
>
> On 14 Aug 2011, at 13:04, John Steven <John.Steven at owasp.org> wrote:
>
>> Jim,
>>
>> I suggest Struts 1.x (pre-1.3) and then Struts 2.x (including 1.3
>> paradigm shift) first. They all implement MVC which will be easier
>> than the IoC Spring implements.
>>
>> For Spring, I'd suggest skipping 1.x but treating 2.x and 3.x separately.
>>
>> Can I write a skeleton? Yes. Will do.
>>
>> -jOHN
>>
>> On Sun, Aug 14, 2011 at 8:00 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> One of our board members. :)
>>>
>>> I'm not looking for a major comprehensive guide, just a cheat-sheet
>>> similar to ... https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
>>> ... to be linked up to the rest of the series when done.
>>>
>>> Do you want to start with struts or spring first? Care to kick me an
>>> outline and I'll iterate with you over email and/or wiki?
>>>
>>> Aloha John,
>>> --
>>> Jim Manico
>>>
>>> On Aug 14, 2011, at 7:57 AM, John Steven <John.Steven at owasp.org> wrote:
>>>
>>>> I'm in for this, who is this twatter?
>>>>
>>>> On Sun, Aug 14, 2011 at 7:46 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>> Some Irish guy via twitter suggested that we build a cheat-sheet to
>>>>> lock down Struts and Spring beyond just "set up validators". Great
>>>>> idea. Anyone have the time, energy and expertise to help make these
>>>>> happen?
>>>>>
>>>>> --
>>>>> Jim Manico
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Phone: 703.727.4034
>>>> Web: http://profiles.google.com/m1spl4c3ds0ul
>>>> Rss: http://feeds.feedburner.com/M1splacedOnTheWeb
>>>
>>
>>
>>
>> --
>> Phone: 703.727.4034
>> Web: http://profiles.google.com/m1spl4c3ds0ul
>> Rss: http://feeds.feedburner.com/M1splacedOnTheWeb