[Owasp-leaders] Cheat sheet vs code review guide and dev guide

Eoin Keary eoin.keary at owasp.org
Mon Jul 2 10:10:47 UTC 2012


I suppose the concern I have is overlap and inconsistencies across various
guides/sheets.
There should be a lot of cross referencing going on, I'd say. This is a
perfect fit for the OWASP common numbering project in order to tie things
together. I am not sure what the status of this project is but I'll check it
out.





On Mon, Jul 2, 2012 at 7:52 AM, Antonio Fontes <antonio.fontes at owasp.org> wrote:

>
> Hi Eoin,
>
> My 2 cents: cheat sheets are directive, execution oriented. They
> summarize "what should be done". An XSS cheat sheet means nothing to
> someone who never had the opportunity of understanding how XSS works,
> why it should be prevented and why remediation steps may sound more
> complex than on other flaws.
>
> Guides should explain all of this. I'd even prefer the term "manual" as
> it would auto-describe itself more as teaching material rather than
> "guidance material".
>
> AFO
>
> --
> Antonio Fontes
> OWASP Switzerland, board member
> OWASP Geneva, chapter leader
>   skype: antonio.fontes
>
> On 01.07.2012 23:42, Eoin wrote:
> > Hi leaders,
> > It has occurred to me:
> >
> > What should the code review guide and dev guides cover which is
> > different to the cheat sheets? Cheat sheets are highly pragmatic, bang for
> > your buck docs. Dev and code review guides are larger longform docs
> > covering the entire dev and review process but what makes them different?
> > Thoughts my good sirs/ladies
> >
> >
> >
> > Eoin Keary
> > Owasp Global Board
> > +353 87 977 2988
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>



-- 
Global Board Member (Vice Chair)