[Owasp-leaders] Cheat sheet vs code review guide and dev guide

Antonio Fontes antonio.fontes at owasp.org
Mon Jul 2 06:52:40 UTC 2012

Hi Eoin,

My 2 cents: cheat sheets are directive, execution oriented. They
summarize "what should be done". An XSS cheat sheet means nothing to
someone who never had the opportunity of understanding how XSS works,
why it should be prevented and why remediation steps may sound more
complex than on other flaws.

Guides should explain all of this. I'd even prefer the term "manual" as
it would auto-describe itself more as teaching material rather than
"guidance material".


Antonio Fontes
OWASP Switzerland, board member
OWASP Geneva, chapter leader
  skype: antonio.fontes

On 01.07.2012 23:42, Eoin wrote:
> Hi leaders,
> It has occurred to me:
> What should the code review guide and dev guides cover which is different to the cheat sheets? Cheat sheets are highly pragmatic, bang for your buck docs. Dev and code review guides are larger longform docs covering the entire dev and review process, but what makes them different?
> Thoughts, my good sirs/ladies?
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988