[Owasp-leaders] Web Service Cheaters!

Jim Manico jim.manico at owasp.org
Sun Oct 9 18:36:56 EDT 2011


Eoin,

Regarding...

https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet

... this guide is just a high level cheat to help understand the problem 
of web service security from a high level, quickly.

We also need more prescriptive cheat sheets such as ...

OWASP WS-* Cheatsheet...
SOAP Cheatsheet
REST Cheatsheet

... and even more framework specific, like Melton suggests ...

OWASP Java Axis 2 Cheatsheet
Spring Rest Cheatsheet
PHP Soap Cheatsheet

and so on. And I would think we will see more code samples like you 
suggest in these lower level cheat sheets.

But by all means, we could really use the communities help, especially 
you, Eoin. :) Please jump in and help us make ...

https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet

... better of a cheat! :)

Cheers,
- Jim

> It seems very high level to me.
> Not too many answers for developers on "how" to do something. But rather on "what".
> Should content on WS have some detail such as what is in the (old) code review guide?
> https://www.owasp.org/index.php/Reviewing_Web_Services
>
>
> Ek
>
> Sent from my iPad
>
> On 7 Oct 2011, at 04:52, Jim Manico<jim.manico at owasp.org>  wrote:
>
>> Hello Leaders,
>>
>> We just pushed our first version of the Web Service Security cheat sheet here:
>>
>> https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet
>>
>> Thanks to Gunnar Peterson for getting us started, to Sherif Koussa for driving it home, and for that many others who helped provide content and suggestions.
>>
>> I would be very grateful if the web service security experts in our community would take a peek (its a fast read) and provide comments.
>>
>> Thanks all,
>>
>> -- 
>> Jim Manico
>>
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>>
>> jim at owasp.org
>> www.owasp.org
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list