[OWASP-wiki-editors] Let us clean up the wiki

Jim Manico jim.manico at owasp.org
Thu Jun 26 11:43:19 UTC 2014


OWASP,

It's time to undertake a fairly large and continuous effort to clean up 
and maintain an updated wiki and _*your help is desperately needed*_.

But where do we start? The wiki is fairly large at this point and the 
task to clean up is significant.

There are two major phases to the cleanup project.

1) First, please understand our new tagging attribution system for 
flagging deprecated or out of date content.
2) Next, start reviewing important content in a tactical way and flag 
it as appropriate.

So let's start with how to tag old content. The new tagging system is 
described in detail here with several examples. 
https://www.owasp.org/index.php/Template:TaggedDocument Please review 
this document to see how to tag various stages of inactive content. Here 
are the main examples to focus on:

Example 1: *innactiveDraft* : content that has never been finished and 
needs to be finished
Example 3: *old* : old content that is worth salvaging, needs major update
Example 5: *historical* : old content that is NOT worth salvaging but 
should be kept around for archival purposes
Example 6: *merge* : this page is redundant and should be merged into 
other content
Example 7: *pls_review* : flag content that looks iffy but needs more 
detailed review
Example 8: *delete* : suggest permanent removal from the wiki
Also: Please flag ultra important or popular pages as 
*[[Category:Popular]]* so they get regular review.

Again, check out https://www.owasp.org/index.php/Template:TaggedDocument 
which gives very specific examples as to how to tag various stages of 
wiki inactivity.

So now that you are a tagging master, what next? But where do we start?

In the last 30 days, the following wiki pages have received the most 
hits. If you would like to take a batch to review, please just let the 
owasp-wiki-editors list know what numbers from this list you want to 
"own" and provide us with feedback when done. (Or just email me directly 
off-list).   Numbers are page views.

1	/index.php/Main_Page	OWASP Page: Home Page	91420
2	/index.php/XSS_Filter_Evasion_Cheat_Sheet	XSS	41877
3	/index.php/Category:OWASP_Top_Ten_Project	Top 10	35303
4	/index.php/Top_10_2013-Top_10	Top 10	28901
5	/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet	CSRF	28346
6	/index.php/Cross-site_Scripting_(XSS)	XSS	27351
7	/index.php/OWASP_Zed_Attack_Proxy_Project	Tool: ZAP	20366
8	/index.php/Category:OWASP_Download	OWASP Page: Download Page	16548
9	/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet	CSRF	15018
10	/index.php/SQL_Injection_Prevention_Cheat_Sheet	SQL Injection	14988
11	/index.php/Top10	Top 10	14787
12	/index.php/OWASP_Testing_Guide_v4_Table_of_Contents	Project: Testing Guide	13292
13	/index.php/SQL_Injection	SQL Injection	13178
14	/index.php/Testing_for_SQL_Injection_(OWASP-DV-005)	SQL Injection	13155
15	/index.php/Category:OWASP_WebScarab_Project	Tool: WebScarab	12206
16	/index.php/About_OWASP	OWASP Page: About OWASP	10533
17	/index.php/Cross-Site_Request_Forgery_(CSRF)	CSRF	10506
18	/index.php/REST_Security_Cheat_Sheet	Cheat Sheet	9899
19	/index.php/Category:OWASP_WebGoat_Project	Tool: WebGoat	9833
20	/index.php/Category:Attack	OWASP Page: Category Attack	9205
21	/index.php/HttpOnly	OWASP Page: HttpOnly	8871
22	/index.php/OWASP_Mobile_Security_Project		8740
23	/index.php/Top_10_2013-A1-Injection	Top 10	8661
24	/index.php/Category:OWASP_Project		8496
25	/index.php/Top_10_2013	Top 10	8068
26	/index.php/Web_Application_Firewall		7920
27	/index.php/Cheat_Sheets	Cheat Sheet	7614
28	/index.php/Session_Management_Cheat_Sheet	Cheat Sheet	7317
29	/index.php/Category:OWASP_Enterprise_Security_API	Project: ESAPI	7226
30	/index.php/Blind_SQL_Injection	SQL Injection	7002
31	/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)	SSL	6898
32	/index.php/Source_Code_Analysis_Tools		6755
33	/index.php/Category:Vulnerability_Scanning_Tools		6510
34	/index.php/Authentication_Cheat_Sheet	Cheat Sheet	6358
35	/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management		6334
36	/index.php/Testing_for_Cross_site_scripting		6189
37	/index.php/PHP_Security_Cheat_Sheet		6168
38	/index.php/Category:OWASP_Testing_Project		6142
39	/index.php/XML_External_Entity_(XXE)_Processing		6089
40	/index.php/Category:OWASP_Guide_Project		5838
41	/index.php/Clickjacking		5770
42	/index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001)		5593
43	/index.php/Clickjacking_Defense_Cheat_Sheet		5474
44	/index.php/Category:OWASP_DirBuster_Project		5425
45	/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project		5361
46	/index.php/Category:Vulnerability		5341
47	/index.php/WebGoat_Installation		5287
48	/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)		5087
49	/index.php/ZAP		4522
50	/index.php/Certificate_and_Public_Key_Pinning		4416
51	/index.php/Unrestricted_File_Upload		4344
52	/index.php/Web_Application_Security_Testing_Cheat_Sheet		4339
53	/index.php/Web_Application_Penetration_Testing		4277
54	/index.php/Testing_for_Brute_Force_(OWASP-AT-004)		4225
55	/index.php/OWASP_HTTP_Post_Tool		4176
56	/index.php/OWASP_Testing_Project		4030
57	/index.php/DOM_based_XSS_Prevention_Cheat_Sheet		3975
58	/index.php/Appendix_A:_Testing_Tools		3936
59	/index.php/Top_10_2013-A4-Insecure_Direct_Object_References		3916
60	/index.php/OWASP_Chapter		3770
61	/index.php/Transport_Layer_Protection_Cheat_Sheet		3734
62	/index.php/Password_Storage_Cheat_Sheet		3695
63	/index.php/HTML5_Security_Cheat_Sheet		3677
64	/index.php/OWASP_Xenotix_XSS_Exploit_Framework		3642
65	/index.php/SecureFlag		3609
66	/index.php/Securing_tomcat		3599
67	/index.php/List_of_useful_HTTP_headers		3563
68	/index.php/Session_hijacking_attack		3548
69	/index.php/Top_10_2013-A6-Sensitive_Data_Exposure		3526
70	/index.php/Top_10_2013-A5-Security_Misconfiguration		3485
71	/index.php/Command_Injection		3482
72	/index.php/Data_Validation		3428
73	/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)		3366
74	/index.php/OWASP_Top_Ten_Cheat_Sheet		3301
75	/index.php/Category:OWASP_Application_Security_Verification_Standard_Project		3279
76	/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents		3148
77	/index.php/Category:OWASP_Java_Project		3129
78	/index.php/Category:OWASP_Code_Review_Project		3088
79	/index.php/Forgot_Password_Cheat_Sheet		3085
80	/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)		3067
81	/index.php/Threat_Risk_Modeling		3059
82	/index.php/WebScarab_Getting_Started		2999
83	/index.php/HTTP_Strict_Transport_Security		2985
84	/index.php/Testing_for_XML_Injection_(OWASP-DV-008)		2982
85	/index.php/DOM_Based_XSS		2960
86	/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks		2939
87	/index.php/Session_Management		2925
88	/index.php/OWASP_Risk_Rating_Methodology		2920
89	/index.php/Testing_Guide_Introduction		2919
90	/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control		2916
91	/index.php/Japan		2903
92	/index.php/Category:OWASP_AntiSamy_Project		2870
93	/index.php/Preventing_SQL_Injection_in_Java		2810
94	/index.php/Input_Validation_Cheat_Sheet		2756
95	/index.php/Session_fixation		2704
96	/index.php/OWASP_Appsec_Tutorial_Series		2702
97	/index.php/OWASP_Cheat_Sheet_Series		2697
98	/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards		2672
99	/index.php/Web_Service_Security_Cheat_Sheet		2668
100	/index.php/OWASP_Broken_Web_Applications_Project		2657


Here is another list to consider. In the last 30 days, the following 
wiki pages have received the most TIME ON PAGE. If you would like to 
take a batch to review, please just let the owasp-wiki-editors list know 
what numbers from this list you want to "own" and provide us with 
feedback when done. (Or just email me directly off-list). Numbers are 
page views, new page views and time on page.

1	/index.php/HttpOnly	8871	8065	0:06:16
2	/index.php/HTTP_Strict_Transport_Security	2985	2668	0:06:07
3	/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)	3366	3129	0:05:56
4	/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)	6898	6299	0:05:46
5	/index.php/Certificate_and_Public_Key_Pinning	4416	3955	0:05:39
6	/index.php/Testing_for_SQL_Injection_(OWASP-DV-005)	13155	12308	0:05:32
7	/index.php/SecureFlag	3609	3313	0:05:26
8	/index.php/XSS_Filter_Evasion_Cheat_Sheet	41877	35236	0:05:11
9	/index.php/List_of_useful_HTTP_headers	3563	3013	0:05:11
10	/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet	15018	13601	0:05:06
11	/index.php/Testing_for_XML_Injection_(OWASP-DV-008)	2982	2740	0:04:56
12	/index.php/Securing_tomcat	3599	3230	0:04:50
13	/index.php/PHP_Security_Cheat_Sheet	6168	5655	0:04:44
14	/index.php/Session_fixation	2704	2483	0:04:44
15	/index.php/XML_External_Entity_(XXE)_Processing	6089	5413	0:04:21
16	/index.php/Clickjacking_Defense_Cheat_Sheet	5474	4849	0:04:21
17	/index.php/Data_Validation	3428	3165	0:04:21
18	/index.php/Threat_Risk_Modeling	3059	2672	0:04:20
19	/index.php/DOM_Based_XSS	2960	2684	0:04:16
20	/index.php/SQL_Injection_Prevention_Cheat_Sheet	14988	13643	0:04:13
21	/index.php/REST_Security_Cheat_Sheet	9899	8988	0:04:12
22	/index.php/Testing_for_Cross_site_scripting	6189	5665	0:04:12
23	/index.php/Testing_Guide_Introduction	2919	2694	0:04:12
24	/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet	28346	24586	0:04:10
25	/index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001)	5593	5062	0:04:09
26	/index.php/OWASP_Zed_Attack_Proxy_Project	20366	16424	0:03:52
27	/index.php/OWASP_Xenotix_XSS_Exploit_Framework	3642	2700	0:03:52
28	/index.php/Web_Application_Firewall	7920	6986	0:03:48
29	/index.php/Session_Management_Cheat_Sheet	7317	6654	0:03:47
30	/index.php/Transport_Layer_Protection_Cheat_Sheet	3734	3324	0:03:44
31	/index.php/Cross-Site_Request_Forgery_(CSRF)	10506	9537	0:03:41
32	/index.php/Category:Vulnerability_Scanning_Tools	6510	5279	0:03:32
33	/index.php/Clickjacking	5770	5133	0:03:31
34	/index.php/Preventing_SQL_Injection_in_Java	2810	2559	0:03:31
35	/index.php/OWASP_Broken_Web_Applications_Project	2657	2180	0:03:29
36	/index.php/HTML5_Security_Cheat_Sheet	3677	3412	0:03:25
37	/index.php/DOM_based_XSS_Prevention_Cheat_Sheet	3975	3668	0:03:23
38	/index.php/Password_Storage_Cheat_Sheet	3695	3387	0:03:23
39	/index.php/Session_hijacking_attack	3548	3183	0:03:23
40	/index.php/OWASP_Risk_Rating_Methodology	2920	2513	0:03:22
41	/index.php/WebGoat_Installation	5287	3739	0:03:20
42	/index.php/Web_Application_Security_Testing_Cheat_Sheet	4339	3974	0:03:16
43	/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards	2672	2393	0:03:16
44	/index.php/Web_Service_Security_Cheat_Sheet	2668	2465	0:03:16
45	/index.php/Cross-site_Scripting_(XSS)	27351	24278	0:03:12
46	/index.php/Source_Code_Analysis_Tools	6755	5704	0:03:12
47	/index.php/Blind_SQL_Injection	7002	5970	0:03:10
48	/index.php/Category:OWASP_Enterprise_Security_API	7226	5231	0:03:07
49	/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project	5361	3949	0:03:06
50	/index.php/Appendix_A:_Testing_Tools	3936	3313	0:03:05
51	/index.php/Category:OWASP_AntiSamy_Project	2870	2265	0:03:03
52	/index.php/WebScarab_Getting_Started	2999	2519	0:03:02
53	/index.php/Category:OWASP_WebScarab_Project	12206	7287	0:02:59
54	/index.php/Session_Management	2925	2676	0:02:59
55	/index.php/ZAP	4522	4052	0:02:57
56	/index.php/Category:OWASP_DirBuster_Project	5425	4284	0:02:55
57	/index.php/Top_10_2013-A5-Security_Misconfiguration	3485	2992	0:02:55
58	/index.php/Japan	2903	2145	0:02:51
59	/index.php/SQL_Injection	13178	11465	0:02:50
60	/index.php/Authentication_Cheat_Sheet	6358	5698	0:02:49
61	/index.php/Testing_for_Brute_Force_(OWASP-AT-004)	4225	3308	0:02:47
62	/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control	2916	2507	0:02:47
63	/index.php/Top_10_2013-Top_10	28901	21359	0:02:46
64	/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)	3067	2681	0:02:46
65	/index.php/Top_10_2013-A6-Sensitive_Data_Exposure	3526	2972	0:02:43
66	/index.php/Top_10_2013-A4-Insecure_Direct_Object_References	3916	3353	0:02:42
67	/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management	6334	5130	0:02:40
68	/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)	5087	4169	0:02:40
69	/index.php/Input_Validation_Cheat_Sheet	2756	2507	0:02:39
70	/index.php/Top_10_2013-A1-Injection	8661	7066	0:02:37
71	/index.php/OWASP_Appsec_Tutorial_Series	2702	2434	0:02:33
72		862298	711860	0:02:33
73	/index.php/Unrestricted_File_Upload	4344	3458	0:02:32
74	/index.php/Forgot_Password_Cheat_Sheet	3085	2775	0:02:30
75	/index.php/Category:OWASP_WebGoat_Project	9833	7643	0:02:20
76	/index.php/OWASP_Top_Ten_Cheat_Sheet	3301	2945	0:02:20
77	/index.php/Category:OWASP_Application_Security_Verification_Standard_Project	3279	2370	0:02:14
78	/index.php/Command_Injection	3482	2708	0:02:08
79	/index.php/OWASP_Mobile_Security_Project	8740	5737	0:02:02
80	/index.php/OWASP_HTTP_Post_Tool	4176	2824	0:01:52
81	/index.php/Top10	14787	10770	0:01:45
82	/index.php/Main_Page	91420	72091	0:01:38
83	/index.php/About_OWASP	10533	9245	0:01:36
84	/index.php/Category:OWASP_Guide_Project	5838	4333	0:01:33
85	/index.php/OWASP_Testing_Guide_v4_Table_of_Contents	13292	9016	0:01:29
86	/index.php/Category:OWASP_Code_Review_Project	3088	2429	0:01:29
87	/index.php/Category:OWASP_Top_Ten_Project	35303	29029	0:01:27
88	/index.php/Category:Vulnerability	5341	3983	0:01:26
89	/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks	2939	1751	0:01:22
90	/index.php/Category:Attack	9205	6772	0:01:17
91	/index.php/Category:OWASP_Project	8496	6355	0:01:17
92	/index.php/OWASP_Testing_Project	4030	3339	0:01:16
93	/index.php/Web_Application_Penetration_Testing	4277	3094	0:01:15
94	/index.php/Category:OWASP_Download	16548	12493	0:01:13
95	/index.php/Category:OWASP_Java_Project	3129	2575	0:01:06
96	/index.php/OWASP_Cheat_Sheet_Series	2697	1970	0:01:06
97	/index.php/Cheat_Sheets	7614	6085	0:01:00
98	/index.php/Category:OWASP_Testing_Project	6142	5042	0:00:55
99	/index.php/OWASP_Chapter	3770	3088	0:00:43
100	/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents	3148	1929	0:00:43
101	/index.php/Top_10_2013	8068	7038	0:00:42


If you have any questions let me know. Your participation here is 
fundamental and instrumental in keeping the foundation relevant and 
being in service to the mission.

Thank you!

Aloha,
Jim Manico
OWASP Board Member
@Manicode

