[Owasp-leaders] Owasp projects reboot

Fabio Cerullo fcerullo at owasp.org
Sun Apr 1 10:45:58 UTC 2012

My pick list would be:

The {dev,review,test} guides as suggested by several already. 

ASVS has been left untouched for a while and requires a good revamp.

All flavours of ESAPI and its corresponding documentation. I've been asked several times for supporting documentation and libraries other than Java.

These projects are core to OWASP and actively used by many organisations. Improving them will only make them more widely accepted and adopted by new ones.


Sent from my iPad

On 1 Apr 2012, at 10:55, Andrew van der Stock <vanderaj at owasp.org> wrote:

> Hi all,
> I think this is a great idea. I would be up for a revision of the OWASP Developer Guide. But I am not an island, I would need help. In particular, I think we need to hit a few different output mechanisms. I've looked into iBooks Author and we can provide a freebie download from the OWASP website for folks with iPads without losing our distribution or other rights. As long as the material has a single source of truth that allows low barriers to entry for collaboration and revision control, I don't think we need to make the process of contributing too onerous. 
> My hit list if you had a large bucket of cash:
> {Dev, test, code} Guides (call me biased)
> ESAPI for {Java, .NET, PHP} (again biased)
> We also need to fund the development of new materials on the oft-forgotten but really fundamental left-hand side of the equation
> Education project, in particular take my sorta two day dev deck and really give it a good polish and some train the trainer videos so folks can give it all over the world
> Top 10 Proactive Controls (again I'm pretty biased)
> OWASP Architecture and Design Guide 
> Plus, for what it's worth, we really need to have an outreach project or champion to discuss security with key application frameworks and apps. I think .NET and GWT are doing fine without a great deal of help, but the others (Zend, Symfony, Spring, Rails, WordPress, MediaWiki, etc) could all use a bit of help, either to integrate ESAPI for their platform, or contribute ideas and be a security sounding board for them (we have to listen to their needs instead of unilaterally deciding what help they actually "need").
> thanks,
> Andrew
> On 31/03/2012, at 9:31 PM, Eoin wrote:
>> Hello leaders,
>> I am developing a proposal to be put to the board next week in relation to rebooting a number of dormant owasp projects or improving current owasp projects to "production quality" items.
>> Question: May I kindly ask what projects do you think are the 6 most important projects within the foundation??? 
>> Can you respond with your top 6 by Monday, sorry for being demanding :)
>> (My choices are: testing guide, development guide, code review guide, O2, Zap, cheat sheets.)
>> "we are nothing without our projects."
>> Eoin.
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
