[Owasp-topten] OWASP Top 10 2010 Cheat Sheet

Dave Wichers dave.wichers at aspectsecurity.com
Tue Feb 9 07:54:45 EST 2010


I think 'some' of the cheat sheets are certainly too long, but they have
enough momentum that I don't want to derail their current approach. We
could certainly pull some of the tutorial or overly detailed material
out and put them in the Guide instead, but they might then be 'lost' in
the size of the guide.

I think we should find a new name for your document, which is very
useful, and make that available as well. Although something even shorter
than the Top 10's level of detail seems pretty tough to develop. It was
hard to do the Top 10 itself.

Maybe your doc should be called the Top 10 checklist, or something??

Thanks, Dave

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Andrew van
der Stock
Sent: Tuesday, February 09, 2010 7:44 AM
To: Mike Boberski
Cc: owasp-topten at lists.owasp.org
Subject: [Owasp-topten] OWASP Top 10 2010 Cheat Sheet

Hi Mike (and everyone),

I think some of the cheat sheets for the Top 10 2010 are far too long.
Most of the material in there repeats things that more properly belong
on the various Guide pages. To me, a cheat sheet is short and sweet -
the things you must do to avoid the issue permanently. 

So I created this instead. It covers all Top 10 items in two pages.

http://www.greebo.net/owasp/OWASP%202010%20Top%2010%20Cheat%20Sheet.pdf

Developers really need a single piece of paper they can have on their
desk, and this does it (as long as you double side it!) It assumes some
knowledge, but I'm happy to consider changes to make it work for ab
initio / journeyman developers as long as we can still squeeze into two
pages.

Let me know what you think. I'll make changes, and when you're happy,
I'll donate it all to OWASP. 

thanks,
Andrew