[OWASP-wiki-editors] Let us clean up the wiki
Jim Manico
jim.manico at owasp.org
Thu Jun 26 11:43:19 UTC 2014
OWASP,

It's time to undertake a fairly large and continuous effort to clean up
and maintain an updated wiki and _*your help is desperately needed*_.
But where do we start? The wiki is fairly large at this point and the
task to clean up is significant.

There are two major phases to the cleanup project.

1) First, please understand our new tagging attribution system for
flagging deprecated or out of date content.
2) Next, start reviewing important content in a tactical way and flag
them as is appropriate.

So let's start with how to tag old content. The new tagging system is
described in detail here with several examples.
https://www.owasp.org/index.php/Template:TaggedDocument Please review
this document to see how to tag various stages of inactive content. Here
are the main examples to focus on:

Example 1: *innactiveDraft* : content that has never been finished and needs to be finished
Example 3: *old* : old content that is worth salvaging, needs major update
Example 5: *historical* : old content that is NOT worth salvaging but should be kept around for archival purposes
Example 6: *merge* : this page is redundant and should be merged into other content
Example 7: *pls_review* : flag content that looks iffy but needs more detailed review
Example 8: *delete* : suggest permanent removal from the wiki

Also: Please flag ultra important or popular pages as
*[[Category:Popular]]* so they get regular review.

Again, check out https://www.owasp.org/index.php/Template:TaggedDocument
which gives very specific examples as to how to tag various stages of
wiki inactivity.

So now that you are a tagging master, what next? But where do we start?
In the last 30 days, the following wiki pages have received the most
hits. If you would like to take a batch to review, please just let the
owasp-wiki-editors list know what numbers from this list you want to
"own" and provide us with feedback when done. (Or just email me directly
off-list). Numbers are page views.

1 /index.php/Main_Page OWASP Page: Home Page 91420
2 /index.php/XSS_Filter_Evasion_Cheat_Sheet XSS 41877
3 /index.php/Category:OWASP_Top_Ten_Project Top 10 35303
4 /index.php/Top_10_2013-Top_10 Top 10 28901
5 /index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet CSRF 28346
6 /index.php/Cross-site_Scripting_(XSS) XSS 27351
7 /index.php/OWASP_Zed_Attack_Proxy_Project Tool: ZAP 20366
8 /index.php/Category:OWASP_Download OWASP Page: Download Page 16548
9 /index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet CSRF 15018
10 /index.php/SQL_Injection_Prevention_Cheat_Sheet SQL Injection 14988
11 /index.php/Top10 Top 10 14787
12 /index.php/OWASP_Testing_Guide_v4_Table_of_Contents Project: Testing Guide 13292
13 /index.php/SQL_Injection SQL Injection 13178
14 /index.php/Testing_for_SQL_Injection_(OWASP-DV-005) SQL Injection 13155
15 /index.php/Category:OWASP_WebScarab_Project Tool: WebScarab 12206
16 /index.php/About_OWASP OWASP Page: About OWASP 10533
17 /index.php/Cross-Site_Request_Forgery_(CSRF) CSRF 10506
18 /index.php/REST_Security_Cheat_Sheet Cheat Sheet 9899
19 /index.php/Category:OWASP_WebGoat_Project Tool: WebGoat 9833
20 /index.php/Category:Attack OWASP Page: Category Attack 9205
21 /index.php/HttpOnly OWASP Page: HttpOnly 8871
22 /index.php/OWASP_Mobile_Security_Project 8740
23 /index.php/Top_10_2013-A1-Injection Top 10 8661
24 /index.php/Category:OWASP_Project 8496
25 /index.php/Top_10_2013 Top 10 8068
26 /index.php/Web_Application_Firewall 7920
27 /index.php/Cheat_Sheets Cheat Sheet 7614
28 /index.php/Session_Management_Cheat_Sheet Cheat Sheet 7317
29 /index.php/Category:OWASP_Enterprise_Security_API Project: ESAPI 7226
30 /index.php/Blind_SQL_Injection SQL Injection 7002
31 /index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002) SSL 6898
32 /index.php/Source_Code_Analysis_Tools 6755
33 /index.php/Category:Vulnerability_Scanning_Tools 6510
34 /index.php/Authentication_Cheat_Sheet Cheat Sheet 6358
35 /index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management 6334
36 /index.php/Testing_for_Cross_site_scripting 6189
37 /index.php/PHP_Security_Cheat_Sheet 6168
38 /index.php/Category:OWASP_Testing_Project 6142
39 /index.php/XML_External_Entity_(XXE)_Processing 6089
40 /index.php/Category:OWASP_Guide_Project 5838
41 /index.php/Clickjacking 5770
42 /index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001) 5593
43 /index.php/Clickjacking_Defense_Cheat_Sheet 5474
44 /index.php/Category:OWASP_DirBuster_Project 5425
45 /index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project 5361
46 /index.php/Category:Vulnerability 5341
47 /index.php/WebGoat_Installation 5287
48 /index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) 5087
49 /index.php/ZAP 4522
50 /index.php/Certificate_and_Public_Key_Pinning 4416
51 /index.php/Unrestricted_File_Upload 4344
52 /index.php/Web_Application_Security_Testing_Cheat_Sheet 4339
53 /index.php/Web_Application_Penetration_Testing 4277
54 /index.php/Testing_for_Brute_Force_(OWASP-AT-004) 4225
55 /index.php/OWASP_HTTP_Post_Tool 4176
56 /index.php/OWASP_Testing_Project 4030
57 /index.php/DOM_based_XSS_Prevention_Cheat_Sheet 3975
58 /index.php/Appendix_A:_Testing_Tools 3936
59 /index.php/Top_10_2013-A4-Insecure_Direct_Object_References 3916
60 /index.php/OWASP_Chapter 3770
61 /index.php/Transport_Layer_Protection_Cheat_Sheet 3734
62 /index.php/Password_Storage_Cheat_Sheet 3695
63 /index.php/HTML5_Security_Cheat_Sheet 3677
64 /index.php/OWASP_Xenotix_XSS_Exploit_Framework 3642
65 /index.php/SecureFlag 3609
66 /index.php/Securing_tomcat 3599
67 /index.php/List_of_useful_HTTP_headers 3563
68 /index.php/Session_hijacking_attack 3548
69 /index.php/Top_10_2013-A6-Sensitive_Data_Exposure 3526
70 /index.php/Top_10_2013-A5-Security_Misconfiguration 3485
71 /index.php/Command_Injection 3482
72 /index.php/Data_Validation 3428
73 /index.php/Test_HTTP_Methods_(OTG-CONFIG-006) 3366
74 /index.php/OWASP_Top_Ten_Cheat_Sheet 3301
75 /index.php/Category:OWASP_Application_Security_Verification_Standard_Project 3279
76 /index.php/WebGoat_User_and_Install_Guide_Table_of_Contents 3148
77 /index.php/Category:OWASP_Java_Project 3129
78 /index.php/Category:OWASP_Code_Review_Project 3088
79 /index.php/Forgot_Password_Cheat_Sheet 3085
80 /index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) 3067
81 /index.php/Threat_Risk_Modeling 3059
82 /index.php/WebScarab_Getting_Started 2999
83 /index.php/HTTP_Strict_Transport_Security 2985
84 /index.php/Testing_for_XML_Injection_(OWASP-DV-008) 2982
85 /index.php/DOM_Based_XSS 2960
86 /index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks 2939
87 /index.php/Session_Management 2925
88 /index.php/OWASP_Risk_Rating_Methodology 2920
89 /index.php/Testing_Guide_Introduction 2919
90 /index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control 2916
91 /index.php/Japan 2903
92 /index.php/Category:OWASP_AntiSamy_Project 2870
93 /index.php/Preventing_SQL_Injection_in_Java 2810
94 /index.php/Input_Validation_Cheat_Sheet 2756
95 /index.php/Session_fixation 2704
96 /index.php/OWASP_Appsec_Tutorial_Series 2702
97 /index.php/OWASP_Cheat_Sheet_Series 2697
98 /index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards 2672
99 /index.php/Web_Service_Security_Cheat_Sheet 2668
100 /index.php/OWASP_Broken_Web_Applications_Project 2657

Here is another list to consider. In the last 30 days, the following
wiki pages have received the most TIME ON PAGE. If you would like to
take a batch to review, please just let the owasp-wiki-editors list know
what numbers from this list you want to "own" and provide us with
feedback when done. (Or just email me directly off-list). Numbers are
page views, new page views and time on page.

1 /index.php/HttpOnly 8871 8065 0:06:16
2 /index.php/HTTP_Strict_Transport_Security 2985 2668 0:06:07
3 /index.php/Test_HTTP_Methods_(OTG-CONFIG-006) 3366 3129 0:05:56
4 /index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002) 6898 6299 0:05:46
5 /index.php/Certificate_and_Public_Key_Pinning 4416 3955 0:05:39
6 /index.php/Testing_for_SQL_Injection_(OWASP-DV-005) 13155 12308 0:05:32
7 /index.php/SecureFlag 3609 3313 0:05:26
8 /index.php/XSS_Filter_Evasion_Cheat_Sheet 41877 35236 0:05:11
9 /index.php/List_of_useful_HTTP_headers 3563 3013 0:05:11
10 /index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet 15018 13601 0:05:06
11 /index.php/Testing_for_XML_Injection_(OWASP-DV-008) 2982 2740 0:04:56
12 /index.php/Securing_tomcat 3599 3230 0:04:50
13 /index.php/PHP_Security_Cheat_Sheet 6168 5655 0:04:44
14 /index.php/Session_fixation 2704 2483 0:04:44
15 /index.php/XML_External_Entity_(XXE)_Processing 6089 5413 0:04:21
16 /index.php/Clickjacking_Defense_Cheat_Sheet 5474 4849 0:04:21
17 /index.php/Data_Validation 3428 3165 0:04:21
18 /index.php/Threat_Risk_Modeling 3059 2672 0:04:20
19 /index.php/DOM_Based_XSS 2960 2684 0:04:16
20 /index.php/SQL_Injection_Prevention_Cheat_Sheet 14988 13643 0:04:13
21 /index.php/REST_Security_Cheat_Sheet 9899 8988 0:04:12
22 /index.php/Testing_for_Cross_site_scripting 6189 5665 0:04:12
23 /index.php/Testing_Guide_Introduction 2919 2694 0:04:12
24 /index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet 28346 24586 0:04:10
25 /index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001) 5593 5062 0:04:09
26 /index.php/OWASP_Zed_Attack_Proxy_Project 20366 16424 0:03:52
27 /index.php/OWASP_Xenotix_XSS_Exploit_Framework 3642 2700 0:03:52
28 /index.php/Web_Application_Firewall 7920 6986 0:03:48
29 /index.php/Session_Management_Cheat_Sheet 7317 6654 0:03:47
30 /index.php/Transport_Layer_Protection_Cheat_Sheet 3734 3324 0:03:44
31 /index.php/Cross-Site_Request_Forgery_(CSRF) 10506 9537 0:03:41
32 /index.php/Category:Vulnerability_Scanning_Tools 6510 5279 0:03:32
33 /index.php/Clickjacking 5770 5133 0:03:31
34 /index.php/Preventing_SQL_Injection_in_Java 2810 2559 0:03:31
35 /index.php/OWASP_Broken_Web_Applications_Project 2657 2180 0:03:29
36 /index.php/HTML5_Security_Cheat_Sheet 3677 3412 0:03:25
37 /index.php/DOM_based_XSS_Prevention_Cheat_Sheet 3975 3668 0:03:23
38 /index.php/Password_Storage_Cheat_Sheet 3695 3387 0:03:23
39 /index.php/Session_hijacking_attack 3548 3183 0:03:23
40 /index.php/OWASP_Risk_Rating_Methodology 2920 2513 0:03:22
41 /index.php/WebGoat_Installation 5287 3739 0:03:20
42 /index.php/Web_Application_Security_Testing_Cheat_Sheet 4339 3974 0:03:16
43 /index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards 2672 2393 0:03:16
44 /index.php/Web_Service_Security_Cheat_Sheet 2668 2465 0:03:16
45 /index.php/Cross-site_Scripting_(XSS) 27351 24278 0:03:12
46 /index.php/Source_Code_Analysis_Tools 6755 5704 0:03:12
47 /index.php/Blind_SQL_Injection 7002 5970 0:03:10
48 /index.php/Category:OWASP_Enterprise_Security_API 7226 5231 0:03:07
49 /index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project 5361 3949 0:03:06
50 /index.php/Appendix_A:_Testing_Tools 3936 3313 0:03:05
51 /index.php/Category:OWASP_AntiSamy_Project 2870 2265 0:03:03
52 /index.php/WebScarab_Getting_Started 2999 2519 0:03:02
53 /index.php/Category:OWASP_WebScarab_Project 12206 7287 0:02:59
54 /index.php/Session_Management 2925 2676 0:02:59
55 /index.php/ZAP 4522 4052 0:02:57
56 /index.php/Category:OWASP_DirBuster_Project 5425 4284 0:02:55
57 /index.php/Top_10_2013-A5-Security_Misconfiguration 3485 2992 0:02:55
58 /index.php/Japan 2903 2145 0:02:51
59 /index.php/SQL_Injection 13178 11465 0:02:50
60 /index.php/Authentication_Cheat_Sheet 6358 5698 0:02:49
61 /index.php/Testing_for_Brute_Force_(OWASP-AT-004) 4225 3308 0:02:47
62 /index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control 2916 2507 0:02:47
63 /index.php/Top_10_2013-Top_10 28901 21359 0:02:46
64 /index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) 3067 2681 0:02:46
65 /index.php/Top_10_2013-A6-Sensitive_Data_Exposure 3526 2972 0:02:43
66 /index.php/Top_10_2013-A4-Insecure_Direct_Object_References 3916 3353 0:02:42
67 /index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management 6334 5130 0:02:40
68 /index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) 5087 4169 0:02:40
69 /index.php/Input_Validation_Cheat_Sheet 2756 2507 0:02:39
70 /index.php/Top_10_2013-A1-Injection 8661 7066 0:02:37
71 /index.php/OWASP_Appsec_Tutorial_Series 2702 2434 0:02:33
72
862298 711860 0:02:33
73 /index.php/Unrestricted_File_Upload 4344 3458 0:02:32
74 /index.php/Forgot_Password_Cheat_Sheet 3085 2775 0:02:30
75 /index.php/Category:OWASP_WebGoat_Project 9833 7643 0:02:20
76 /index.php/OWASP_Top_Ten_Cheat_Sheet 3301 2945 0:02:20
77 /index.php/Category:OWASP_Application_Security_Verification_Standard_Project 3279 2370 0:02:14
78 /index.php/Command_Injection 3482 2708 0:02:08
79 /index.php/OWASP_Mobile_Security_Project 8740 5737 0:02:02
80 /index.php/OWASP_HTTP_Post_Tool 4176 2824 0:01:52
81 /index.php/Top10 14787 10770 0:01:45
82 /index.php/Main_Page 91420 72091 0:01:38
83 /index.php/About_OWASP 10533 9245 0:01:36
84 /index.php/Category:OWASP_Guide_Project 5838 4333 0:01:33
85 /index.php/OWASP_Testing_Guide_v4_Table_of_Contents 13292 9016 0:01:29
86 /index.php/Category:OWASP_Code_Review_Project 3088 2429 0:01:29
87 /index.php/Category:OWASP_Top_Ten_Project 35303 29029 0:01:27
88 /index.php/Category:Vulnerability 5341 3983 0:01:26
89 /index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks 2939 1751 0:01:22
90 /index.php/Category:Attack 9205 6772 0:01:17
91 /index.php/Category:OWASP_Project 8496 6355 0:01:17
92 /index.php/OWASP_Testing_Project 4030 3339 0:01:16
93 /index.php/Web_Application_Penetration_Testing 4277 3094 0:01:15
94 /index.php/Category:OWASP_Download 16548 12493 0:01:13
95 /index.php/Category:OWASP_Java_Project 3129 2575 0:01:06
96 /index.php/OWASP_Cheat_Sheet_Series 2697 1970 0:01:06
97 /index.php/Cheat_Sheets 7614 6085 0:01:00
98 /index.php/Category:OWASP_Testing_Project 6142 5042 0:00:55
99 /index.php/OWASP_Chapter 3770 3088 0:00:43
100 /index.php/WebGoat_User_and_Install_Guide_Table_of_Contents 3148 1929 0:00:43
101 /index.php/Top_10_2013 8068 7038 0:00:42
If you have any questions let me know. Your participation here is
fundamental and instrumental in keeping the foundation relevant and
being in service to the mission.
Thank you!
Aloha,
Jim Manico
OWASP Board Member
@Manicode