[Owasp-leaders] Secure Coding Cheatsheet

Jim Manico jim.manico at owasp.org
Tue Oct 25 12:14:13 EDT 2011


I see this as a main "glossary" for the cheat sheet series. We can
definitely integrate this into OWASP where it will add great value to
the community.

Thanks Michael! :)

Jim Manico
(808) 652-3805

On Oct 25, 2011, at 12:02 PM, Michael Coates <michael.coates at owasp.org> wrote:

> Leaders,
> A few weeks back I posted[1] on the Mozilla Web Security blog about a secure coding guidelines document that we use at Mozilla. I made the post on a Friday evening with very little expectation of many hits (you bloggers know a Friday evening post is the worst time). To my surprise the developer community really got excited and I had 40,000 views of the page over the weekend with lots of retweets from developers.
> My takeaway from the positive response was that I believe many developers were happy to see a relatively concise document that gave the high points of secure development practices. I'd like to bring this document into the OWASP Cheat Sheet Series as the "Secure Coding Cheat Sheet". This is a pretty lofty title, so before jumping into the water I wanted to get the community's feedback on the idea. I also understand we have the secure coding handbook already. This document is intended to be small and concise versus the more in-depth information provided in that book.
> Here is the link to the current page:
> https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
> Here are the objectives of this document:
> - Concise - Less is more. No developer wants to look through 300 pages to understand what they need to do. This document is a high level blue print.
> - Describes "What" not "how" - In other words, this document describes to the developer that they should be doing X. If they don't know what X is, then they need to follow the links to read more.
> - Complete - The document attempts to cover the major areas that developers encounter (we may need to add some areas)
> Points for consideration:
> - This document was created for Mozilla developers with specific recommendations based on Mozilla's controls and risk posture. We'd need to change and update some things to be more generic for an OWASP version.
> - The document may be a little messy and could use some rewording and clarification in an OWASP form.
> So, my question to the community is this, what do you think? How should we modify this document if it is to be added as a Secure Coding Cheat Sheet? Is that the right title or even the right place in our OWASP projects?
> [1] - http://blog.mozilla.com/webappsec/2011/09/30/mozillas-secure-coding-guidelines-for-web-applications/
> --
> Michael Coates
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
