[Owasp-topten] OWASP Top 10 2010 Cheat Sheet

Boberski, Michael [USA] boberski_michael at bah.com
Tue Feb 9 11:01:08 EST 2010


I like the format, whatever it ends up being called or further refined into.

Minor comment re "This cheat sheet is not the only way to achieve compliance with the Top 10 2010" on page 2, I think that statements about "compliance" in general should be with respect to ASVS, now that it exists.

People tend to "stop" in terms of efforts to verify/secure things when they hit the top x of whatever top x list, rather than continue on to ensure that a targeted overall level of security has been achieved.

Best,
 
Mike B.

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Tuesday, February 09, 2010 7:55 AM
To: Andrew van der Stock; Mike Boberski
Cc: owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] OWASP Top 10 2010 Cheat Sheet

I think 'some' of the cheat sheets are certainly too long, but they have enough momentum that I don't want to derail their current approach. We could certainly pull some of the tutorial or overly detailed material out and put them in the Guide instead, but they might then be 'lost' in the size of the guide.

I think we should find a new name for your document, which is very useful, and make that available as well. Although something even shorter than the Top 10's level of detail seems pretty tough to develop. It was hard to do the Top 10 itself.

Maybe your doc should be called the Top 10 checklist, or something??

Thanks, Dave

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Andrew van der Stock
Sent: Tuesday, February 09, 2010 7:44 AM
To: Mike Boberski
Cc: owasp-topten at lists.owasp.org
Subject: [Owasp-topten] OWASP Top 10 2010 Cheat Sheet

Hi Mike (and everyone),

I think some of the cheat sheets for the Top 10 2010 are far too long.
Most of the material in there repeats things that more properly belong on the various Guide pages. To me, a cheat sheet is short and sweet - the things you must do to avoid the issue permanently. 

So I created this instead. It covers all Top 10 items in two pages.

http://www.greebo.net/owasp/OWASP%202010%20Top%2010%20Cheat%20Sheet.pdf

Developers really need a single piece of paper they can have on their desk, and this does it (as long as you double side it!) It assumes some knowledge, but I'm happy to consider changes to make it work for ab initio / journeyman developers as long as we can still squeeze into two pages.

Let me know what you think. I'll make changes, and when you're happy, I'll donate it all to OWASP. 

thanks,
Andrew
_______________________________________________
Owasp-topten mailing list
Owasp-topten at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-topten