[Owasp-topten] OWASP Top 10 2009

Dave Wichers dave.wichers at owasp.org
Fri Mar 13 13:58:23 EDT 2009


Neil,

Did you and/or Andrew ever get a chance to make progress on this coding
standard/best practices document? This would be great to have for OWASP.

Along those lines, Jeff Williams and I have each produced a
'Prevention' Cheat Sheet, which is along those lines. They address XSS and
SQL Injection respectively.

See: http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

And http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

We will certainly be referencing these in the new Top 10, but if we had
other articles like this on the rest of the topics we would reference these
as well. These are essentially the same stuff that should be in the OWASP
guide, but unfortunately that document is a bit dated, and doesn't
necessarily have in-depth coverage on each of the Top 10 topics to the
degree that we would like.

Seems like any update to the Development guide or any type of Top 10 Secure
coding guide could reference these articles.

-Dave

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Neil Smithline
Sent: Monday, September 22, 2008 11:08 PM
To: Andrew van der Stock
Cc: Dinis Cruz; owasp-topten at lists.owasp.org; Leonardo Cavallari Militelli
Subject: Re: [Owasp-topten] OWASP Top 10 2009

Hey Andrew - I'm game to take a crack at the coding standard. I'm into that
stuff. Can you send me what you have and what your thoughts going forward
are and I'll figure out if I can just help or if I can take the lead (which
I'm hoping but life so often gets in the way of fun :-)

Thanks - Neil

PS: I would love to help on the next T10 as well.

(Sorry for the dup Andrew)


Neil Smithline
Professional: http://www.OneStopAppSecurity.com
     Reducing Your Risk and Safeguarding Your Investment by Securing Your Application
Personal: http://www.Smithline.net

On Mon, Sep 22, 2008 at 23:06, Neil Smithline <neil at smithline.net> wrote:

Hey Andrew - I'm game to take a crack at the coding standard. I'm into that
stuff. Can you send me what you have and what your thoughts going forward
are and I'll figure out if I can just help or if I can take the lead (which
I'm hoping but life so often gets in the way of fun :-)

Thanks - Neil

PS: I would love to help on the next T10 as well.

(Sorry for the dup Andrew)
Neil Smithline
Professional: http://www.OneStopAppSecurity.com
     Reducing Your Risk and Safeguarding Your Investment by Securing Your Application
Personal: http://www.Smithline.net

On Wed, Sep 17, 2008 at 19:42, Andrew van der Stock <vanderaj at owasp.org> wrote:

Hi there,

There's going to be a discussion of the Top 10 at the OWASP EU Summit.
Is anyone going? Can anyone do a small talk - I can help prepare the
slides, but I cannot help with the presentation as I'm actually
training onsite whilst the summit is on.

I have a small surprise for folks as well. I've been working on a
"OWASP Coding Standard", i.e. a very short document on the things
coders should be doing, but it's in early stages and needs a leader of
its own. I only have so many hours, and not as many as I would like.

thanks,
Andrew van der Stock

_______________________________________________
Owasp-topten mailing list
Owasp-topten at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-topten