[Owasp-leaders] Secure Coding Cheatsheet

Neil Matatall neil at owasp.org
Tue Oct 25 16:56:56 EDT 2011


I hope that is the case. I've been wanting this for years.

On Tue, Oct 25, 2011 at 1:53 PM, Michael Coates
<michael.coates at owasp.org> wrote:
> Nischal,
> I'm not sure if I am following correctly. Is this company interested in
> contributing some of their cheat sheets or sample code to OWASP? If so, I
> think that would be great to incorporate this kind of information where it
> makes sense.
> Thanks,
>
> Michael Coates
> OWASP
>
>
>
> On Oct 25, 2011, at 1:05 PM, Bhalla, Nishchal wrote:
>
> Have you guys seen SDElements.com (yeah, I know it is a plug)? But that is
> what the whole product does. Lots of cheat sheets / forget-me-not lists /
> checklists and sample code. We are releasing a free version out soon too.
>
>
> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On
> Behalf Of Michael Coates
> Sent: Tuesday, October 25, 2011 12:26 PM
> To: Jason Li
> Cc: owasp-leaders at lists.owasp.org Owasp; Keith Turpin
> Subject: Re: [Owasp-leaders] Secure Coding Cheatsheet
>
> Ah, very interesting. Perhaps these two efforts can work together.
>
> My initial thoughts.
>
> 1 - Let's get this data onto a webpage. Nothing turns away people quicker
> than having to download a PDF (it's odd, it only takes 3 extra seconds but
> many people will just hit back and look for another source).
> 2 - The quick reference guide is 20 pages. How do we trim that to be much
> more "quick" while still keeping all the core info we need?
>
>
> Michael Coates
> OWASP
>
>
>
>
> On Oct 25, 2011, at 9:19 AM, Jason Li wrote:
>
> FYI - there is already a similar OWASP project to create a concise list of
> secure coding practices.
>
> It is led by Keith Turpin and was donated by Boeing (complete with
> copyright assignment and handover):
>
> https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
>
>
> -Jason
>
> On Tue, Oct 25, 2011 at 12:01 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
> Leaders,
>
> A few weeks back I posted[1] on the Mozilla Web Security blog about a secure
> coding guidelines document that we use at Mozilla. I made the post on a
> Friday evening with very little expectation of many hits (you bloggers know
> a Friday evening post is the worst time). To my surprise the developer
> community really got excited and I had 40,000 views of the page over the
> weekend with lots of retweets from developers.
>
> My takeaway from the positive response was that I believe many developers
> were happy to see a relatively concise document that gave the high points of
> secure development practices. I'd like to bring this document into the
> OWASP Cheat Sheet Series as the "Secure Coding Cheat Sheet". This is a
> pretty lofty title, so before jumping into the water I wanted to get the
> community's feedback on the idea. I also understand we have the secure
> coding handbook already. This document is intended to be small and concise
> versus the more in-depth information provided in that book.
>
> Here is the link to the current page:
> https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
>
> Here are the objectives of this document:
> - Concise - Less is more. No developer wants to look through 300 pages to
> understand what they need to do. This document is a high-level blueprint.
> - Describes "what" not "how" - In other words, this document describes to
> the developer that they should be doing X. If they don't know what X is,
> then they need to follow the links to read more.
> - Complete - The document attempts to cover the major areas that developers
> encounter (we may need to add some areas).
>
> Points for consideration:
> - This document was created for Mozilla developers with specific
> recommendations based on Mozilla's controls and risk posture. We'd need to
> change and update some things to be more generic for an OWASP version.
> - The document may be a little messy and could use some rewording and
> clarification in an OWASP form.
>
>
> So, my question to the community is this: what do you think? How should we
> modify this document if it is to be added as a Secure Coding Cheat Sheet? Is
> that the right title, or even the right place in our OWASP projects?
>
>
> [1]
> http://blog.mozilla.com/webappsec/2011/09/30/mozillas-secure-coding-guidelines-for-web-applications/
>
>
> --
> Michael Coates
> OWASP
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
