https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Keith+Turpin OWASP - User contributions [en] 2026-05-16T22:11:40Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=162584 OWASP Secure Coding Practices - Quick Reference Guide 2013-11-06T03:56:30Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> <br /> <br /> '''Translations:'''<br /> <br /> [https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf Brazilian Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf Portugal Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> [https://www.owasp.org/images/7/73/OWASP_SCP_Quick_Reference_Guide_%28Chinese%29.pdf Chinese Translation PDF]<br /> <br /> <br /> '''Related Presentations:'''&lt;br&gt;<br /> This slide deck incorporates many concepts from the Quick reference guide, but also utilizes other OWASP resources.&lt;br&gt;<br /> [https://www.owasp.org/images/b/ba/Web_Application_Development_Dos_and_Donts.ppt Web Application Development Dos and Donts - Presentation from the Royal Bank of Scotland]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> '''Chinese Translation'''&lt;br&gt;<br /> * [mailto:wangj@owasp.org.cn Jie Wang]<br /> * Yongliang He<br /> * Henghui Lin<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=162583 OWASP Secure Coding Practices - Quick Reference Guide 2013-11-06T03:45:58Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> <br /> <br /> '''Translations:'''<br /> <br /> [https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf Brazilian Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf Portugal Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> [https://www.owasp.org/images/7/73/OWASP_SCP_Quick_Reference_Guide_%28Chinese%29.pdf Chinese Translation PDF]<br /> <br /> <br /> '''Related Presentations:'''<br /> <br /> [https://www.owasp.org/images/b/ba/Web_Application_Development_Dos_and_Donts.ppt Web Application Development Dos and Donts - Presentation from the Royal Bank of Scotland]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> '''Chinese Translation'''&lt;br&gt;<br /> * [mailto:wangj@owasp.org.cn Jie Wang]<br /> * Yongliang He<br /> * Henghui Lin<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=162582 OWASP Secure Coding Practices - Quick Reference Guide 2013-11-06T03:44:25Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Related Presentations:'''<br /> <br /> [https://www.owasp.org/images/b/ba/Web_Application_Development_Dos_and_Donts.ppt Web Application Development Dos and Donts - Presentation from the Royal Bank of Scotland]<br /> <br /> '''Translations:'''<br /> <br /> [https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf Brazilian Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf Portugal Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> [https://www.owasp.org/images/7/73/OWASP_SCP_Quick_Reference_Guide_%28Chinese%29.pdf Chinese Translation PDF]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> '''Chinese Translation'''&lt;br&gt;<br /> * [mailto:wangj@owasp.org.cn Jie Wang]<br /> * Yongliang He<br /> * Henghui Lin<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=File:Web_Application_Development_Dos_and_Donts.ppt&diff=162581 File:Web Application Development Dos and Donts.ppt 2013-11-06T03:39:46Z <p>Keith Turpin: This slide deck incorporates many concepts from the Quick reference guide, but also utilizes other OWASP resources. It has been created to highlight common secure web application development best practice efforts, but also detail where and how coding e...</p> <hr /> <div>This slide deck incorporates many concepts from the Quick reference guide, but also utilizes other OWASP resources. It has been created to highlight common secure web application development best practice efforts, but also detail where and how coding errors are made and how they can be avoided.<br /> <br /> Do’s and Don’ts examples throughout the slide pack have been grouped by vulnerability categories.</div> Keith Turpin https://wiki.owasp.org/index.php?title=User:Nishi_Kumar&diff=131075 User:Nishi Kumar 2012-06-06T21:46:27Z <p>Keith Turpin: </p> <hr /> <div>Nishi Kumar's Bio:<br /> &lt;br&gt;<br /> <br /> <br /> Nishi Kumar IT Architect Specialist, FIS <br /> <br /> Nishi Kumar is an Architect with 20 years of broad industry experience. She is part of OWASP Global Industry Committee and project lead for OWASP CBT (Computer based training) project. She is a committed contributor of OWASP. She has spearheaded Secure Code Initiative program in FIS Electronics Payment division. As part of that program, she has delivered OWASP based training to management and development teams to various groups in FIS. She has been involved with PA-DSS certification of several applications in FIS. Since joining FIS in 2004 she has worked as an architect and team lead for several financial payment and fraud applications. She has hands-on accomplishments in design, development and deployment of complex software systems on a variety of platforms. <br /> <br /> Prior to joining FIS Nishi Kumar has worked for Pavilion, HNC, Fair Isaac, Trajecta, Nationwide Insurance and Data Junction as Senior Software Engineer, Architect and in Project Management roles. <br /> <br /> Nishi can be reached at: nishi787(at)hotmail.com <br /> [mailto:Nishi.Kumar@owasp.org email address] and [[:Special:Contributions/Nishi Kumar|wiki contributions]].<br /> <br /> My hobby is oil painting. You can see some of my work from [http://www.creativesolve.com Nishi's Art Gallery]</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=129558 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2012-05-10T15:37:08Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin presenting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf<br /> | links_name2 = SCP v2 &gt; Brazilian Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf<br /> | links_name3 = SCP v2 &gt; Portugal Portuguese Translation &gt; PDF file<br /> <br /> | links_url4 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name4 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | links_url5 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name5 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=125138 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2012-02-28T02:31:23Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf<br /> | links_name2 = SCP v2 &gt; Brazilian Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf<br /> | links_name3 = SCP v2 &gt; Portugal Portuguese Translation &gt; PDF file<br /> <br /> | links_url4 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name4 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | links_url5 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name5 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=125137 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2012-02-28T02:27:27Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> | contributor_name8 = Canedo,Gerardo (as Spanish Translator)<br /> <br /> | contributor_name9 = Flores,Mauro (as Spanish Translator)<br /> <br /> | contributor_name10 = Hill,Alberto (as Spanish Translator)<br /> <br /> | contributor_name11 = Martinez,Mateo (as Spanish Translator)<br /> <br /> | contributor_name12 = Papaleo,Mauricio (as Spanish Translator)<br /> <br /> | contributor_name13 = Soarez,Nicolás (as Spanish Translator)<br /> <br /> | contributor_name14 = Targetta, Cecilia (as Spanish Translator)<br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf<br /> | links_name2 = SCP v2 &gt; Brazilian Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf<br /> | links_name3 = SCP v2 &gt; Portugal Portuguese Translation &gt; Pdf file<br /> <br /> | links_url4 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name4 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url5 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name5 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> | links_url6 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name6 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url7 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name7 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=125136 OWASP Secure Coding Practices - Quick Reference Guide 2012-02-28T02:23:21Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [https://www.owasp.org/images/b/b3/OWASP_SCP_v1.3_pt-BR.pdf Brazilian Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/6/6d/OWASP_SCP_v1.3_pt-PT.pdf Portugal Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=125135 OWASP Secure Coding Practices - Quick Reference Guide 2012-02-28T02:04:32Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=122530 OWASP Secure Coding Practices - Quick Reference Guide 2012-01-07T23:02:14Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; &lt;br&gt;<br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=122529 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2012-01-07T23:00:47Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> | contributor_name8 = Canedo,Gerardo (as Spanish Translator)<br /> <br /> | contributor_name9 = Flores,Mauro (as Spanish Translator)<br /> <br /> | contributor_name10 = Hill,Alberto (as Spanish Translator)<br /> <br /> | contributor_name11 = Martinez,Mateo (as Spanish Translator)<br /> <br /> | contributor_name12 = Papaleo,Mauricio (as Spanish Translator)<br /> <br /> | contributor_name13 = Soarez,Nicolás (as Spanish Translator)<br /> <br /> | contributor_name14 = Targetta, Cecilia (as Spanish Translator)<br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url4 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name4 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> | links_url5 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name5 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url6 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name6 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=122528 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2012-01-07T22:59:12Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> | contributor_name8 = Canedo,Gerardo (as Spanish Translator)<br /> <br /> | contributor_name9 = Flores,Mauro (as Spanish Translator)<br /> <br /> | contributor_name10 = Hill,Alberto (as Spanish Translator)<br /> <br /> | contributor_name11 = Martinez,Mateo (as Spanish Translator)<br /> | contributor_email11 = <br /> | contributor_username11 =<br /> <br /> | contributor_name12 = Papaleo,Mauricio (as Spanish Translator)<br /> <br /> | contributor_name13 = Soarez,Nicolás (as Spanish Translator)<br /> <br /> | contributor_name14 = Targetta, Cecilia (as Spanish Translator)<br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url4 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name4 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> | links_url5 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name5 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url6 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name6 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=122527 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2012-01-07T22:53:00Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> | contributor_name8 = Canedo,Gerardo (as Spanish Translator)<br /> <br /> | contributor_name9 = Flores,Mauro (as Spanish Translator)<br /> <br /> | contributor_name10 = Hill,Alberto (as Spanish Translator)<br /> <br /> | contributor_name11 = Martinez,Mateo (as Spanish Translator)<br /> <br /> | contributor_name12 = Papaleo,Mauricio (as Spanish Translator)<br /> <br /> | contributor_name13 = Soarez,Nicolás (as Spanish Translator)<br /> <br /> | contributor_name14 = Targetta, Cecilia (as Spanish Translator)<br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url4 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name4 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> | links_url5 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name5 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url6 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name6 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=122526 OWASP Secure Coding Practices - Quick Reference Guide 2012-01-07T22:49:46Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; <br /> '''Portuguese Translation'''&lt;BR&gt;<br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> '''Korean Translation'''&lt;br&gt;<br /> * OWASP Korea chapter<br /> '''Spanish Translation'''&lt;br&gt;<br /> * Canedo,Gerardo<br /> * Flores,Mauro<br /> * Hill,Alberto<br /> * Martinez,Mateo<br /> * Papaleo,Mauricio<br /> * Soarez,Nicolás<br /> * Targetta, Cecilia<br /> <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=122525 OWASP Secure Coding Practices - Quick Reference Guide 2012-01-07T22:46:02Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> [http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc Spanish Translation doc]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; <br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> * OWASP Korea chapter<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=122524 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2012-01-07T22:44:11Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url4 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name4 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> | links_url5 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name5 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url6 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name6 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=122523 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2012-01-07T22:42:02Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | links_url4 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name4 = SCP v2 &gt; Spanish Translation &gt; doc file<br /> <br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=122522 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2012-01-07T22:40:53Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | links_url2 = http://www.owasp.org/images/c/c8/OWASP_SCP_Quick_Reference_Guide_SPA.doc<br /> | links_name2 = SCP v2 &gt; Spanish Translation &gt; PDF file<br /> <br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=File:OWASP_SCP_Quick_Reference_Guide_SPA.doc&diff=122521 File:OWASP SCP Quick Reference Guide SPA.doc 2012-01-07T22:35:06Z <p>Keith Turpin: Spanish translation of Secure Coding Practices Quick Reference Guide</p> <hr /> <div>Spanish translation of Secure Coding Practices Quick Reference Guide</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=115757 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2011-08-15T23:40:14Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url4 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name4 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url5 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name5 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=115756 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2011-08-15T23:39:38Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url3 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name3 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url4 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name4 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=115755 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2011-08-15T23:39:02Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Translation &gt; Pdf file<br /> <br /> | links_url2 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name2 = SCP v2 &gt; Korean Translation &gt; Pdf file<br /> <br /> | links_url3 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name3 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url4 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name4 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=115754 OWASP Secure Coding Practices - Quick Reference Guide 2011-08-15T23:36:36Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov]<br /> &lt;br&gt;<br /> '''Translation Contributors'''&lt;br&gt; <br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> * OWASP Korea chapter<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=115753 OWASP Secure Coding Practices - Quick Reference Guide 2011-08-15T23:34:29Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Translation PDF]<br /> <br /> [https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf Korean Translation PDF]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov] <br /> * [mailto:tarciziovn@gmail.com Tarcizio Vieira Neto]<br /> * [mailto:silviofilhosf@gmail.com Sílvio Correia Filho]<br /> * [mailto:leandrock@gmail.com Leandro Gomes]<br /> * OWASP Korea chapter<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=115752 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2011-08-15T23:25:51Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=115751 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2011-08-15T23:24:59Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> | contributor_name10 = Tarcizio Vieira Neto<br /> | contributor_email10 = <br /> | contributor_username10 = <br /> <br /> | contributor_name11 = OWASP Korea chapter<br /> | contributor_email11 = <br /> | contributor_username11 = <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=115750 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2011-08-15T23:03:23Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Translation &gt; PDF file<br /> <br /> | links_url3 = https://www.owasp.org/images/8/8e/2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf<br /> | links_name3 = SCP v2 &gt; Korean Translation &gt; PDF file<br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=File:2011%EB%85%846%EC%9B%94_OWASP_%EC%8B%9C%ED%81%90%EC%96%B4%EC%BD%94%EB%94%A9%EA%B7%9C%EC%B9%99_v2_KOR.pdf&diff=115749 File:2011년6월 OWASP 시큐어코딩규칙 v2 KOR.pdf 2011-08-15T22:59:38Z <p>Keith Turpin: Secure Coding Practices Quick Reference Guide - Korean Translation</p> <hr /> <div>Secure Coding Practices Quick Reference Guide - Korean Translation</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=112101 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2011-06-14T01:55:00Z <p>Keith Turpin: update presentation link</p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Project About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = https://www.owasp.org/images/f/fd/Secure_Coding_Practices_Quick_Ref_6.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Version &gt; PDF file<br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> &lt;!--- The line below is for GPC usage only. Please do not edit it ---&gt;<br /> | project_about_page = Projects/OWASP Secure Coding Practices - Quick Reference Guide<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=File:Secure_Coding_Practices_Quick_Ref_6.ppt&diff=112100 File:Secure Coding Practices Quick Ref 6.ppt 2011-06-14T01:50:09Z <p>Keith Turpin: Update to Secure Coding Practices presentation following AppSecEU</p> <hr /> <div>Update to Secure Coding Practices presentation following AppSecEU</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Connections_Committee_-_Application_8&diff=107725 OWASP Connections Committee - Application 8 2011-03-26T15:25:51Z <p>Keith Turpin: </p> <hr /> <div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;2&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE APPLICATION FORM''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Applicant's Name'''<br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;Ludovic Petit.<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Current and past OWASP Roles''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|'''Chapter Leader, OWASP France'''<br /> <br /> Translator: Top Ten 2010, 2007 and 2004 in French<br /> <br /> Reviewer: OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> Contributor: OWASP Mobile Security Project<br /> <br /> Contributor: OWASP Cloud - Top10 Project<br /> <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Committee Applying for''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|OWASP Connection Committee<br /> |}<br /> ----<br /> <br /> <br /> ----<br /> As Chapter Leader, I evangelize for quite a long time now, always with team spirit and commitment. I work at Group level in multinational corporation with a proven track record of working effectively with staff at all levels and managing international teams with team spirit and commitment. (TEAM stands for... Together Each Achieves More). As such, I'm very keen to develop initiatives for the Foundation and build lasting relationships with corporations through this Connections Committee. I'm currently working on an approach for a multinational corporation, in the perspective to (maybe) involve several local Chapters around the world...<br /> Feel free to take a look at my public LinkedIn page to see more about me, background, areas of expertise including snapshots of achievements in France and Europe: http://www.linkedin.com/in/lpetit.<br /> <br /> As requested, recommendations will follow in the coming days.<br /> <br /> Ludovic<br /> http://www.owasp.org/index.php/User:Ludovic_Petit<br /> <br /> ----<br /> <br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;8&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE RECOMMENDATIONS''' <br /> |- <br /> ! align=&quot;center&quot; style=&quot;background:white; color:white&quot;|&lt;font color=&quot;black&quot;&gt;<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Who Recommends/Name''' <br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Role in OWASP'''<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Recommendation Content''' <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''1'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Sébastien GIORIA<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| CoChapter Leader France and Global Education Committee Member<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Ludovic is a amazing leader in making connections between organization and is also a great technical security guy with a strong executive view. His actual role in Vodafone Group totally reflect this. I totally approve his membership in a comittee.<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''2'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Fabio Cerullo<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| OWASP Ireland Chapter Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| I endorse Ludovic to be a member of the connections committee due to his extensive experience, broad network of like-minded professionals and passion for OWASP.<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''3'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Jocelyn Aubert<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| OWASP Luxembourg Chapter Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| I participed with Ludovic in the Top2010 French translation. As a project leader, he has demonstrated his leadership capacity, dedication to OWASP, team spirit but also his human qualities. Thus, I can only endorse him to be a member of the connections committee.<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''4'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Lorna Alamri<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| OWASP MSP Chapter Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Ludovic has been involved in several OWASP projects as OWASP leader I endorse him to be a member of the connections committee.<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''5'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Keith Turpin<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| OWASP Project Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Ludovic would make an excellent member of the connections committee. His dedication to supporting OWASP and the industry in general, combined with his experience will make him a valuable contributor. I fully support him being a member of the connections committee.<br /> |}<br /> ----</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2&diff=105473 Projects/OWASP Secure Coding Practices - Quick Reference Guide/Releases/SCP v2 2011-02-20T00:54:39Z <p>Keith Turpin: </p> <hr /> <div>{{Template: &lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Release About&lt;/noinclude&gt;<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | release_name = SCP v2<br /> | release_date = 8 November 2010 <br /> | release_download_link = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf<br /> <br /> | release_description = <br /> <br /> <br /> *Now available in Portuguese: [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> *Sections of the guide were re-ordered, renamed and new sections were added to map more closely to the ASVS. However input and output handling was left at the beginning, as apposed to be lower in the list as it is with ASVS, since this is the source of the most common vulnerabilities and ones that effect even very simple applications. <br /> *Entirely new sections include:<br /> **Cryptographic Practices,<br /> **Error Handling and Logging&quot;. <br /> *The guide's &quot;Data Validation&quot; section was split to match ASVS and is now represented as two separate sections &quot;Input Validation&quot; and &quot;Output Encoding&quot;,<br /> *The guide's &quot;Authorization and Access Management&quot; section was renamed to Access Control, <br /> *The guide's &quot;Sensitive Information Storage or Transmission&quot; section was split to match ASVS and is now two new sections &quot;Data Protection&quot; and &quot;Communication Security&quot;, <br /> *Additional practices were added to most sections to account for requirements in ASVS that the guide did not specifically cover and some rewording of existing practices was also done.<br /> *Additional terms were added to the glossary.<br /> *Several improvements were made thanks to new contributors.<br /> <br /> | release_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']<br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.n.turpin@boeing.com<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Brad Causey (As GPC's Reviewer)<br /> | contributor_email1 = bradcausey@owasp.org <br /> | contributor_username1 = Bradcausey<br /> <br /> | contributor_name2 = Anurag Agarwal (As peer Reviewer)<br /> | contributor_email2 = anurag.agarwal@yahoo.com<br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Andrew Petukhov<br /> | contributor_email3 = petand@lvk.cs.msu.su<br /> | contributor_username3 = Petand<br /> <br /> | contributor_name4 = Jason Coleman <br /> | contributor_email4 = <br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Leandro Gomes (as Portuguese Translator)<br /> | contributor_email5 = leandrock@gmail.com<br /> | contributor_username5 = <br /> <br /> | contributor_name6 = Sílvio Correia Filho (as Portuguese Translator)<br /> | contributor_email6 = silviofilhosf@gmail.com<br /> | contributor_username6 = <br /> <br /> | contributor_name7 = Tarcizio Vieira Neto (as Portuguese Translator)<br /> | contributor_email7 = tarciziovn@gmail.com<br /> | contributor_username7 = <br /> <br /> <br /> | release_notes = http://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Releases/SCP_v2/Notes<br /> <br /> | links_url1 = http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc<br /> | links_name1 = SCP v2 &gt; English Version &gt; Word file<br /> <br /> | links_url2 = http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf<br /> | links_name2 = SCP v2 &gt; Portuguese Version &gt; Pdf file<br /> <br /> | links_url3 = http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls<br /> | links_name3 = Secure coding guide assessment feedback disposition<br /> <br /> | links_url4 = http://www.owasp.org/index.php/GPC_Project_Assessment/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide_-_SCP_v2<br /> | links_name4 = Assessment Control/Progress and Links<br /> <br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Projects/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=105472 Projects/OWASP Secure Coding Practices - Quick Reference Guide 2011-02-20T00:53:59Z <p>Keith Turpin: </p> <hr /> <div>{{Template:Project About<br /> | project_name = OWASP Secure Coding Practices - Quick Reference Guide<br /> | project_home_page = :OWASP Secure Coding Practices - Quick Reference Guide<br /> <br /> | project_description =<br /> <br /> This document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. Implementation of these practices will mitigate most common software vulnerabilities.<br /> <br /> | project_license = [http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0'''] <br /> <br /> | leader_name1 = Keith Turpin <br /> | leader_email1 = keith.turpin@owasp.org<br /> | leader_username1 = Keith Turpin<br /> <br /> | contributor_name1 = Dan Kranz <br /> | contributor_email1 = <br /> | contributor_username1 = <br /> <br /> | contributor_name2 = Walt Pietrowski <br /> | contributor_email2 = <br /> | contributor_username2 = <br /> <br /> | contributor_name3 = Catherine Spencer<br /> | contributor_email3 = <br /> | contributor_username3 = <br /> <br /> | contributor_name4 = Caleb McGary <br /> | contributor_email4 = Caleb.mcgary@gmail.com<br /> | contributor_username4 = <br /> <br /> | contributor_name5 = Jim Manico<br /> | contributor_email5 = jim.manico@owasp.org<br /> | contributor_username5 = Jmanico<br /> <br /> | contributor_name6 = Brad Causey<br /> | contributor_email6 = bradcausey@owasp.org<br /> | contributor_username6 = Bradcausey<br /> <br /> | contributor_name7 = Ludovic Petit<br /> | contributor_email7 = ludovic.petit@owasp.org<br /> | contributor_username7 = Ludovic Petit<br /> <br /> | contributor_name8 = Michael V. Scovetta<br /> | contributor_email8 = michael.scovetta@gmail.com<br /> | contributor_username8 = <br /> <br /> | contributor_name9 = Jason Coleman<br /> | contributor_email9 = <br /> | contributor_username9 = <br /> <br /> <br /> | pamphlet_link = http://www.owasp.org/images/3/35/Flyer_Secure_Coding_Practices_Quick_Reference_Guide_V2.pdf<br /> <br /> | presentation_link = http://www.owasp.org/images/5/54/Secure_Coding_Practices_Quick_Ref_5.ppt<br /> <br /> | mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices<br /> <br /> | project_road_map = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide/Roadmap<br /> <br /> | links_url1 = http://vimeo.com/17018329 <br /> | links_name1 = Video - Keith Turpin preseting the Quick Reference Guide on OWASP AppSec USA 2010<br /> <br /> | links_url2 = http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf<br /> | links_name2 = SCP v2 &gt; Updated Portuguese Version &gt; PDF file<br /> <br /> | release_1 = SCP v1<br /> <br /> | release_2 = SCP v1.1<br /> <br /> | release_3 = SCP v2<br /> <br /> | release_4 =<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=105471 OWASP Secure Coding Practices - Quick Reference Guide 2011-02-20T00:52:07Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/d/d8/OWASP_SCP_Quick_Reference_PT-BR_v1.1.pdf Updated Portuguese Version PDF]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov] <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide&diff=105470 OWASP Secure Coding Practices - Quick Reference Guide 2011-02-20T00:48:16Z <p>Keith Turpin: </p> <hr /> <div>==== Main ====<br /> == Welcome to the Secure Coding Practices Quick Reference Guide Project ==<br /> <br /> '''NEW Release:''' version 2.0 published November 9th.<br /> <br /> The Secure Coding Practices Quick Reference Guide is a technology agnostic set of general software security coding practices, in a comprehensive checklist format, that can be integrated into the development lifecycle. At only 17 pages long, it is easy to read and digest.<br /> <br /> The focus is on secure coding requirements, rather then on vulnerabilities and exploits. It includes an introduction to Software Security Principles and a glossary of key terms.<br /> <br /> It is designed to serve as a secure coding kick-start tool and easy reference, to help development teams quickly understand secure coding practices.<br /> <br /> === Sections of the Guide: ===<br /> <br /> * Table of contents<br /> * Introduction<br /> * Software Security Principles Overview<br /> * Secure Coding Practices Checklist <br /> * Links to useful resources <br /> * Glossary of important terminology<br /> <br /> <br /> '''Download the current v2 (Stable) release:'''<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.pdf English version PDF]<br /> <br /> [http://www.owasp.org/index.php/File:OWASP_SCP_Quick_Reference_Guide_v2.doc English version MS Word]<br /> <br /> '''Translations:'''<br /> <br /> [http://www.owasp.org/images/e/e2/OWASP_SCP_Quick_Reference_PT-BR_v1.0.pdf Portuguese Version PDF]<br /> <br /> <br /> '''Project Feedback and Disposition History'''<br /> <br /> [http://www.owasp.org/images/6/64/SCP-QRG_Revisions_History.xls XLS Feedback Spreadsheet] <br /> <br /> <br /> ----<br /> == Feedback and Participation: ==<br /> <br /> I hope you find the OWASP Secure Coding Practices Quick Reference Guide Project useful. Please contribute to the Project by sending your comments, questions, and suggestions to [mailto:Keith.Turpin@owasp.org keith.turpin@owasp.org].<br /> <br /> <br /> Project mailing list and archives: <br /> [https://lists.owasp.org/mailman/listinfo/owasp-secure-coding-practices subscription page.]<br /> <br /> <br /> ----<br /> == Project Contributors: ==<br /> <br /> If you contribute to this Project, please add your name here&lt;br&gt;<br /> '''Project Lead:'''<br /> * [[user:Keith Turpin|Keith Turpin]]<br /> <br /> '''Contributors:'''&lt;br&gt;<br /> * Dan Kranz<br /> * Walt Pietrowski<br /> * Catherine Spencer<br /> * [mailto:Caleb.mcgary@gmail.com Caleb McGary]<br /> * [mailto:bradcausey@owasp.org Brad Causey]<br /> * [mailto:ludovic.petit@owasp.org Ludovic Petit]<br /> * [mailto:michael.scovetta@gmail.com Michael V. Scovetta]<br /> * [mailto:jim.manico@owasp.org Jim Manico]<br /> * Jason Coleman<br /> * [mailto:anurag.agarwal@yahoo.com Anurag Agarwal]<br /> * [mailto:petand@lvk.cs.msu.su Andrew Petukhov] <br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Secure Coding Practices - Quick Reference Guide | Project About}}<br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> <br /> [[Category:OWASP_Project|Secure Coding Practices - Quick Reference Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Release Quality Document]]</div> Keith Turpin https://wiki.owasp.org/index.php?title=Global_Industry_Committee_-_Application_6&diff=105160 Global Industry Committee - Application 6 2011-02-15T17:40:56Z <p>Keith Turpin: </p> <hr /> <div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;2&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE APPLICATION FORM''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Applicant's Name'''<br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;Nishi Kumar<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Current and past OWASP Roles''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|OWASP CBT Project lead and part of OWASP Global Education Committee<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Committee Applying for''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|Global Industry Committee<br /> |}<br /> ----<br /> <br /> <br /> ----<br /> Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br /> An incomplete application will not be considered for vote.<br /> ----<br /> <br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;8&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE RECOMMENDATIONS''' <br /> |- <br /> ! align=&quot;center&quot; style=&quot;background:white; color:white&quot;|&lt;font color=&quot;black&quot;&gt;<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Who Recommends/Name''' <br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Role in OWASP'''<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Recommendation Content''' <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''1'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Giorgio Fedon<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Owasp Italy TD<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Nishi is a talented professional with specific knowledge about large corporates needs for Appsec<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''2'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Keith Turpin<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Project Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Nishi represents a large financial sector service and technology provider. She brings extensive industry knowledge and represents a customer set that can directly benefit from OWASP projects. As a industry partner she brings a user based view that will help provide a useful perspective to the committee. Combine this with her excellent technical knowledge as a system architect and she will be an asset as a committee member. <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''3'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''4'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''5'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |}<br /> ----</div> Keith Turpin https://wiki.owasp.org/index.php?title=Global_Industry_Committee_-_Application_6&diff=105159 Global Industry Committee - Application 6 2011-02-15T17:40:15Z <p>Keith Turpin: </p> <hr /> <div>[[How to Join a Committee|Click here to return to 'How to Join a Committee' page]]<br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;2&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE APPLICATION FORM''' <br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;|'''Applicant's Name'''<br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|&lt;font color=&quot;black&quot;&gt;Nishi Kumar<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Current and past OWASP Roles''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|OWASP CBT Project lead and part of OWASP Global Education Committee<br /> |-<br /> | style=&quot;width:25%; background:#7B8ABD&quot; align=&quot;center&quot;| '''Committee Applying for''' <br /> | colspan=&quot;1&quot; style=&quot;width:85%; background:#cccccc&quot; align=&quot;left&quot;|Global Industry Committee<br /> |}<br /> ----<br /> <br /> <br /> ----<br /> Please be aware that for an application to be considered by the board, '''you MUST have 5 recommendations'''. <br /> An incomplete application will not be considered for vote.<br /> ----<br /> <br /> <br /> ----<br /> {| style=&quot;width:100%&quot; border=&quot;0&quot; align=&quot;center&quot;<br /> ! colspan=&quot;8&quot; align=&quot;center&quot; style=&quot;background:#4058A0; color:white&quot;|&lt;font color=&quot;white&quot;&gt;'''COMMITTEE RECOMMENDATIONS''' <br /> |- <br /> ! align=&quot;center&quot; style=&quot;background:white; color:white&quot;|&lt;font color=&quot;black&quot;&gt;<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Who Recommends/Name''' <br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Role in OWASP'''<br /> ! align=&quot;center&quot; style=&quot;background:#7B8ABD; color:white&quot;|&lt;font color=&quot;black&quot;&gt;'''Recommendation Content''' <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''1'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Giorgio Fedon<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Owasp Italy TD<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Nishi is a talented professional with specific knowledge about large corporates needs for Appsec<br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''2'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Keith Turpin<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| Project Leader<br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| Nishi represents a large financial sector service and technology provider. She brings extensive industry knowledge and represents a customer set that can directly benefit from OWASP projects. As a industry partner she brings a user based view that will help provide a useful perspective to the committee. Combine this with her excellent technical knowledge as an a system architect and she will be an asset as a committee member. <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''3'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''4'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |-<br /> | style=&quot;width:3%; background:#cccccc&quot; align=&quot;center&quot;|'''5'''<br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:20%; background:#cccccc&quot; align=&quot;center&quot;| <br /> | style=&quot;width:57%; background:#cccccc&quot; align=&quot;center&quot;| <br /> |}<br /> ----</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session077&diff=104758 Summit 2011 Working Sessions/Session077 2011-02-09T20:35:54Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Matthew Chalmers<br /> | summit_session_attendee_email1 = matthew.chalmers@owasp.org<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1=[http://www.rockwellautomation.com/ http://www.rockwellautomation.com/lib/images/ralogo_web.gif]<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = Dinis Cruz<br /> | summit_session_attendee_email2 = dinis.cruz@owasp.org<br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Mark Bristow<br /> | summit_session_attendee_email3 = mark.bristow@owasp.org<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3= Securicon LLC<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = Doug Wilson<br /> | summit_session_attendee_email4 = dougDOTwilsonATowaspDOTorg<br /> | summit_session_attendee_username4 = Dallendoug<br /> | summit_session_attendee_company4= [http://www.mandiant.com Mandiant]<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Concern about balancing growth of OWASP with evolutionary requirements. Most organizations fail to manage their growth, would like to see OWASP not go the same way.<br /> <br /> | summit_session_attendee_name5 = Martin Knobloch<br /> | summit_session_attendee_email5 = martin.knobloch@owasp.org<br /> | summit_session_attendee_username5 = knoblochmartin<br /> | summit_session_attendee_company5= PervaSec<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._owasp.jpg]]<br /> | summit_ws_logo = [[Image:WS._owasp.jpg]]<br /> | summit_session_name = OWASP funding and CEO discussion<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session077<br /> | mailing_list =<br /> |-<br /> <br /> | short_working_session_description= As OWASP grows, a number of critical decisions needs to be made in terms of where OWASP allocates its limited financial resources. For example should OWASP hire a CEO or should it hire other type of staff? This working session will cover both sides of the question and hopefully reach a conclusion and proposal for OWASP Board vote<br /> <br /> See the [[Talk:Summit_2011_Working_Sessions/Session077]] page for Arguments for and against OWASP Hiring a CEO<br /> <br /> <br /> |-<br /> <br /> | related_project_name1 = <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= <br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = For information related to the CEO discussion please see the '''[[Talk:Summit 2011 Working Sessions/Session077|Discussion]]''' page.<br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = A white paper analyzing the governance structure of OWASP and recommending whether or not the investment in a CEO would be cost-effective.<br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.turpin@owasp.org<br /> | summit_session_leader_username1 = Keith_Turpin<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 =<br /> | operational_leader_email1 =<br /> | operational_leader_username1 = <br /> <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session077<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session077<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session085&diff=103289 Summit 2011 Working Sessions/Session085 2011-02-03T21:22:09Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Lucas C. Ferreira<br /> | summit_session_attendee_email1 = lucas.ferreira@owasp.org<br /> | summit_session_attendee_username1 = sapao<br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = <br /> | summit_session_attendee_email2 = <br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5 = <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._metrics.jpg]] <br /> | summit_ws_logo = [[Image:WS._metrics.jpg]]<br /> | summit_session_name = Common structure and numbering for all guides<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session085 <br /> | mailing_list =<br /> |-<br /> <br /> | short_working_session_description=<br /> The purpose of this session is to bring together the various document project leaders and other interested parties to discuss the establishment of a common document numbering system. This will also require that applicable document projects have a similar structure, at least in the areas associated with the numbering. That means this session will drive revisions to current projects. Additionally, this is an opportunity to discuss the overall alignment of the release document projects and how they fit into a secure development life cycle. <br /> <br /> Some of the document projects that would benefit from this activity include the following, but there are several others not listed :<br /> *[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]].........(What to do - Requirements),<br /> *[[OWASP Guide Project|OWASP Development Guide]].......................................(How to do it – Coding guidance),<br /> *[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide V2]].........................(How to do it – Ruby specific),<br /> *[[OWASP Testing Project|OWASP Testing Guide]]...........................................(How to test it – Pen Testing),<br /> *[[:Category:OWASP Code Review Project|OWASP Code Review Guide]].......................................( How to test it – Code Review),<br /> *[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard Project]]......(Verify and rate what was done),<br /> <br /> |-<br /> <br /> | related_project_name1 = <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Discuss and review current document project structures and key elements.<br /> <br /> | summit_session_objective_name2 = Review proposal to align to ASVS and discuss whether the current version of ASVS provides an adequate baseline.<br /> <br /> | summit_session_objective_name3 = Review other options for structure and numbering.<br /> <br /> | summit_session_objective_name4 = Develop a draft structure and numbering plan.<br /> <br /> | summit_session_objective_name5 = Discuss any dependencies which may exist, such as common nomenclature and definitions. <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence on this session of the participants of the Working Sessions below is advisable<br /> * [[Summit 2011 Working Sessions/Session052|'''OWASP Testing Guide''']]<br /> * [[Summit 2011 Working Sessions/Session066|'''Development Guide''']]<br /> * [[Summit 2011 Working Sessions/Session053|'''OWASP Java Project''']]<br /> * [[Summit 2011 Working Sessions/Session200|'''OWASP Secure Coding Practices Project''']]<br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = A written recommendation for a unified category and numbering system for applicable document projects. <br /> <br /> |summit_session_deliverable_name2 = Agreement from applicable document project leaders to adopt the finalized version of the system.<br /> <br /> |summit_session_deliverable_name3 = An implementation plan discussing when projects will implement the new system.<br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.n.turpin@boeing.com<br /> | summit_session_leader_username1 = Keith Turpin<br /> <br /> | summit_session_leader_name2 = Matteo Meucci<br /> | summit_session_leader_email2 = matteo.meucci@owasp.org<br /> | summit_session_leader_username2 = Mmeucci<br /> <br /> | summit_session_leader_name3 = Vishal Garg<br /> | summit_session_leader_email3 = vishalgrg@gmail.com<br /> | summit_session_leader_username3 = Vishal_Garg<br /> <br /> |-<br /> <br /> | operational_leader_name1 = Jim Manico<br /> | operational_leader_email1 = jim.manico@owasp.org<br /> | operational_leader_username1 = jmanico <br /> <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session085<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session085<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session201&diff=103280 Summit 2011 Working Sessions/Session201 2011-02-03T18:07:26Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Vishal Garg<br /> | summit_session_attendee_email1 = vishalgrg@gmail.com<br /> | summit_session_attendee_username1 = Vishal_Garg<br /> | summit_session_attendee_company1= AppSecure Labs<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= <br /> <br /> | summit_session_attendee_name2 = Keith Turpin<br /> | summit_session_attendee_email2 = keith.turpin@owasp.org<br /> | summit_session_attendee_username2 = Keith_Turpin<br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= <br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= <br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= <br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5= <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6= <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7= <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8= <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9= <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10= <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11= <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12= <br /> | summit_session_attendee_company12 =<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14= <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15= <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16= <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17= <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18= <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19= <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20= <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = OWASP Common vulnerability list<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session201<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description = <br /> <br /> There are many OWASP projects like OWASP Testing Guide, OWASP Code Review Guide, OWASP Developers Guide, etc which discuss on how to look for and remediate various vulnerabilities in a web application. For e.g., people using OWASP Testing Guide to test for vulnerabilities in their application can go through a list of vulnerabilities and test for it but there is no easy way for them to cross reference to dev guide to jump to a specific section and be able to access the relevant information quickly. These vulnerabilities are discussed as individual list in all the guides and there is no easy way to cross-reference all of them. <br /> <br /> OWASP Common Vulnerability List will be a lightweight list, which will contain only the vulnerability ID, category, vulnerability name and a brief description. The main objective of this list is to provide a common platform for other guides and tools to provide a link to each other. <br /> <br /> |-<br /> <br /> | related_project_name1 = OWASP Common Vulnerability List<br /> | related_project_url_1 = http://www.owasp.org/index.php/OWASP_Common_Vulnerability_List<br /> <br /> | related_project_name2 = OWASP Testing Project<br /> | related_project_url_2 = http://www.owasp.org/index.php/Category:OWASP_Testing_Project<br /> <br /> | related_project_name3 = OWASP Code Review Guide<br /> | related_project_url_3 = http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project<br /> <br /> | related_project_name4 = OWASP Building Guide<br /> | related_project_url_4 = http://www.owasp.org/index.php/OWASP_Guide_Project<br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= Build the first version of the OWASP Common vulnerability list<br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = <br /> <br /> |-<br /> <br /> | working_session_additional_details = The goals of OWASP common vulnerability list are:&lt;br&gt;<br /> 1. Serve as a common list to all other OWASP initiatives (Dev Guide, Testing Guide, CR Guide, etc) which has any reference to web application vulnerabilities (just like OWASP common numbering scheme).&lt;br&gt;<br /> 2. Can be referenced by various open source and commercial tools as the list of vulnerabilities being identified or for any other purpose.&lt;br&gt;<br /> 3. Provides a clear requirement for PCI and other compliance laws<br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = Debating the vulnerability list and deliver the first version of the project.<br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Matteo Meucci<br /> | summit_session_leader_email1 = matteo.meucci@owasp.org<br /> | summit_session_leader_username1 = Mmeucci<br /> <br /> | summit_session_leader_name2 = Eoin Keary<br /> | summit_session_leader_email2 = eoin.keary@owasp.org<br /> | summit_session_leader_username2 = EoinKeary<br /> <br /> | summit_session_leader_name3 = Anurag Agarwal<br /> | summit_session_leader_email3 = Anurag.Agarwal@owasp.org<br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 = <br /> | operational_leader_email1 = <br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session201<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session201<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session052&diff=103279 Summit 2011 Working Sessions/Session052 2011-02-03T18:01:22Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Nishi Kumar<br /> | summit_session_attendee_email1 = nishi.kumar@owasp.org<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1= FIS<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = Cecil Su<br /> | summit_session_attendee_email2 = cecil.su@owasp.org<br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2= GT<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Lucas C. Ferreira<br /> | summit_session_attendee_email3 = lucas.ferreira@owasp.org<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = Keith Turpin<br /> | summit_session_attendee_email4 = keith.turpin@owasp.org<br /> | summit_session_attendee_username4 = Keith_Turpin<br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = Achim Hoffmann<br /> | summit_session_attendee_email5 = achim@owasp.org<br /> | summit_session_attendee_username5 = Achim<br /> | summit_session_attendee_company5= sic[!]sec<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = Tom Neaves<br /> | summit_session_attendee_email6 = tom.neaves@verizonbusiness.com<br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6= Verizon Business<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = Vishal Garg<br /> | summit_session_attendee_email7 = vishalgrg@gmail.com<br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7= AppSecure Labs<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = Giorgio Fedon<br /> | summit_session_attendee_email8 = giorgio.fedon@mindedsecurity.com<br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8= Minded Security<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = Stefano Di Paola<br /> | summit_session_attendee_email9 = stefano@owasp.org<br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9= Minded Security<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = Pavol Luptak<br /> | summit_session_attendee_email10 = pavol.luptak@nethemba.com<br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10= Nethemba<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = Andre Gironda<br /> | summit_session_attendee_email11 = andregATthegmail<br /> | summit_session_attendee_username11 = Dre<br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11= Will be available remotely<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = OWASP Testing Guide<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052<br /> | mailing_list =<br /> |-<br /> | short_working_session_description= We need to define:&lt;br&gt;<br /> &lt;br&gt;- an updated vulnerability list to test (from the OWASP Common Vulnerabiltity list)<br /> &lt;br&gt;- Create a more readable guide, eliminating some sections that are not<br /> really useful,<br /> &lt;br&gt;- Insert new testing techniques: HTTP Verb tampering, HTTP Parameter<br /> Pollutions, etc.,<br /> &lt;br&gt;- Rationalize some sections as Session Management Testing,<br /> &lt;br&gt;- Debate if create a new section: Client side security and Firefox<br /> extensions testing.<br /> <br /> |-<br /> <br /> | related_project_name1 = OWASP Testing Project<br /> | related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Testing_Project<br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= Show the v3, and debating what we need to create an excellent v4<br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = TODO<br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence of participants on the Working Session [[Summit 2011 Working Sessions/Session085|'''Common structure and numbering for all guides''']] is advisable.<br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = An updated outline for the testing guide that is tied into the OWASP common numbering scheme<br /> <br /> |summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Testing Guide for evaluation and discussion by the community at large.<br /> <br /> |summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.<br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Matteo Meucci<br /> | summit_session_leader_email1 = matteo.meucci@owasp.org<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> |-<br /> <br /> | operational_leader_name1 = Giorgio Fedon<br /> | operational_leader_email1 = <br /> <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session052<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session052<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session067&diff=103278 Summit 2011 Working Sessions/Session067 2011-02-03T18:00:21Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Nishi Kumar<br /> | summit_session_attendee_email1 = nishi.kumar@owasp.org<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1= FIS<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = Steven van der Baan<br /> | summit_session_attendee_email2 = steven.van.der.baan@owasp.org<br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Wojciech Dworakowski<br /> | summit_session_attendee_email3 = wojciech.dworakowski@securing.pl<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3= SecuRing<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= ASVS extensions. Requirements mapping to CWE, Top10 and other OWASP projects. ASVS requirements and risk impact. Level1 - tools availability. <br /> <br /> | summit_session_attendee_name4 = Jim Manico<br /> | summit_session_attendee_email4 = jim.manico@owasp.org<br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4= Independent Consultant<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= Love for ASVS<br /> <br /> | summit_session_attendee_name5 = Vishal Garg<br /> | summit_session_attendee_email5 = vishalgrg@gmail.com<br /> | summit_session_attendee_username5 = <br /> | summit_session_attendee_company5= AppSecure Labs<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5= ASVS adoption within and outside OWASP. One example - OWASP Development Guide.<br /> <br /> | summit_session_attendee_name6 = Abraham Kang<br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = Keith Turpin<br /> | summit_session_attendee_email7 = keith.turpin@owasp.org<br /> | summit_session_attendee_username7 = Keith_Turpin<br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = ASVS Project<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session067<br /> <br /> |-<br /> <br /> | short_working_session_description=Discussion on the Application Security Verification Standard (expierences, ideas for improvements)<br /> <br /> |-<br /> <br /> | related_project_name1 = Application Security Verification Standard (ASVS)<br /> | related_project_url_1 = http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project<br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Discuss expierences with using ASVS <br /> <br /> | summit_session_objective_name2 = Discuss specific requirements and ideas for improvement<br /> <br /> | summit_session_objective_name3 = Create a white paper with ideas for revisions to the ASVS<br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = A short white paper with ideas for revisions to the ASVS, ready for evaluation by the community at large. Actual suggested revisions to the document are helpful, but not required if time does not allow.<br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Matthias Rohr <br /> | summit_session_leader_email1 = mail@matthiasrohr.de<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 =<br /> | operational_leader_email1 =<br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session067<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session067<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session066&diff=103277 Summit 2011 Working Sessions/Session066 2011-02-03T17:57:40Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Matthias Rohr<br /> | summit_session_attendee_email1 = m.rohr@sec-consult.com<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1= SEC Consult<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = Eoin Keary<br /> | summit_session_attendee_email2 = eoin.keary@owasp.org<br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Steven van der Baan<br /> | summit_session_attendee_email3 = steven.van.der.Baan@owasp.org<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = Abraham Kang<br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = Keith Turpin<br /> | summit_session_attendee_email5 = keith.turpin@owasp.org<br /> | summit_session_attendee_username5 = Keith_Turpin<br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = Development Guide<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session066<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description= If done from the earliest stages, secure applications cost about the same to develop as insecure applications, but are far more cost effective in the long run. The primary aim of the OWASP Development Guide is to help businesses, developers, designers and solution architects to build secure web applications from the outset. The next version of the guide is an extension from the existing version with further enhancements to make it more usable for all stake holders. The aim of the working session is to have a discussion on the shortcomings of the existing guide and to make it a basis for further enhancements, alignment of the guide to ASVS Standard and OWASP common numbering scheme, potential for alignment of all three OWASP guides (DG, CRG and TG) and the ways to improve the usefulness of the guide to all the stake holders.<br /> <br /> |-<br /> <br /> | related_project_name1 = Project Wiki Page<br /> | related_project_url_1 = http://www.owasp.org/index.php/OWASP_Guide_Project#tab=Project_About<br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Discussion on major enhancements to the next version of the development guide<br /> <br /> | summit_session_objective_name2 = Discussion on aligning the guide to ASVS standard and OWASP common numbering scheme<br /> <br /> | summit_session_objective_name3 = Discussion on improving the usefulness of the guide to all stakeholders<br /> <br /> | summit_session_objective_name4 = Collaboration with other OWASP guides - Top 10, ASDR, CRG and TG <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence of participants on the Working Session [[Summit 2011 Working Sessions/Session085|'''Common structure and numbering for all guides''']] is advisable. <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = An updated outline for the development guide that is tied into the OWASP common numbering scheme<br /> <br /> |summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Development Guide for evaluation and discussion by the community at large.<br /> <br /> |summit_session_deliverable_name3 = A committed project manager who can reach out to experts to get the document completed.<br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Vishal Garg<br /> | summit_session_leader_email1 = vishalgrg@gmail.com<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> |-<br /> <br /> | operational_leader_name1 =<br /> | operational_leader_email1 =<br /> | operational_leader_username1 = <br /> <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session066<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session066<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session042&diff=103276 Summit 2011 Working Sessions/Session042 2011-02-03T17:55:29Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Martin Knobloch<br /> | summit_session_attendee_email1 = martin.knobloch@owasp.org<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = Nishi Kumar<br /> | summit_session_attendee_email2 = nishi.kumar@owasp.org<br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2= FIS<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Jason Taylor<br /> | summit_session_attendee_email3 = jtaylor@securityinnovation.com<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = Carlos Serrão<br /> | summit_session_attendee_email4 = carlos.serrao@iscte.pt<br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = Konstantinos Papapanagiotou<br /> | summit_session_attendee_email5 = Konstantinos@owasp.org<br /> | summit_session_attendee_username5 = <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = Daniel Brzozowski<br /> | summit_session_attendee_email6 = daniel@brzozowski.biz<br /> | summit_session_attendee_username6 = Daniel Brzozowski<br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = L. Gustavo C. Barbato<br /> | summit_session_attendee_email7 = lgbarbato@owasp.org<br /> | summit_session_attendee_username7 = Gustavo Barbato<br /> | summit_session_attendee_company7= Dell<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = Keith Turpin<br /> | summit_session_attendee_email8 = keith.turpin@owasp.org<br /> | summit_session_attendee_username8 = Keith_Turpin<br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._university.jpg]]<br /> | summit_ws_logo = [[Image:WS._university.jpg]]<br /> | summit_session_name = Developer's Security Training Package<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session042<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description= Compile a set of documents and slides to assist in the delivery of a security training class for developers<br /> <br /> |-<br /> <br /> | related_project_name1 = OWASP Development Guide, OWASP Secure Coding Practices - Quick Reference Guide, OWASP Enterprise Security API (ESAPI) Project, <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = OWASP Code Review Guide, <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = OWASP Application Security Verification Standard Project, <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = OWASP Testing Guide, <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = OWASP Top Ten Project<br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= To create an organized package that can be used by companies for the purposes of educating developers on securely coding web applications and web services<br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = A curriculum for the above based on OWASP materials and a plan to build it out.<br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Brad Causey<br /> | summit_session_leader_email1 = bradcausey@owasp.org<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 =<br /> | operational_leader_email1 =<br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> <br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session042<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session042<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session092&diff=103189 Summit 2011 Working Sessions/Session092 2011-02-02T23:37:42Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Lucas C. Ferreira<br /> | summit_session_attendee_email1 = lucas.ferreira@owasp.org<br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name1 = Eoin Keary<br /> | summit_session_attendee_email1 = eoin.keary@owasp.org<br /> | summit_session_attendee_username1 = EoinKeary<br /> | summit_session_attendee_company1=Ernst &amp; Young<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> <br /> | summit_session_attendee_name2 = Achim Hoffmann<br /> | summit_session_attendee_email2 = achim@owasp.org<br /> | summit_session_attendee_username2 = Achim<br /> | summit_session_attendee_company2= sic[!]sec<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = Steven van der Baan<br /> | summit_session_attendee_email3 = steven.van.der.baan@owasp.org<br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = Cecil Su<br /> | summit_session_attendee_email4 = cecil.su@owasp.org<br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = Sherif Koussa<br /> | summit_session_attendee_email5 = sherif.koussa@owasp.org<br /> | summit_session_attendee_username5 = <br /> | summit_session_attendee_company5= Software Secured<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = Matthias Rohr<br /> | summit_session_attendee_email6 = m.rohr@sec-consult.com<br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6= SEC Consult<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = Vishal Garg<br /> | summit_session_attendee_email7 = vishalgrg@gmail.com<br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7= AppSecure Labs<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = Chris Eng<br /> | summit_session_attendee_email8 = ceng@veracode.com<br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8= Veracode<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = Nishi Kumar<br /> | summit_session_attendee_email9 = nishi.kumar@owasp.org<br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9= FIS<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = Michael Coates<br /> | summit_session_attendee_email10 = mcoates@mozilla.org<br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10= Mozilla<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = Giorgio Fedon<br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = gfedon<br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = Keith Turpin<br /> | summit_session_attendee_email12 = keith.turpin@owasp.org<br /> | summit_session_attendee_username12 = Keith_Turpin<br /> | summit_session_attendee_company12= <br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> |-<br /> | summit_track_logo = [[Image:T._mitigation.jpg]]<br /> | summit_ws_logo = [[Image:WS._mitigation.jpg]]<br /> | summit_session_name = Scaling Web Application Security Testing<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session092<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description= One of the challenge that large companies have is how to scale web application security testing when hundreds if not thousands of applications need to be retested regularly. The objective of this Working Sessions is for the security teams that are trying to do this today (including Tools and Host based solutions) to exchange ideas, expose current problems and share solutions <br /> <br /> |-<br /> <br /> | related_project_name1 = <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= <br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = A white paper describing strategies for scaling application security verification programs beyond a single application at a time. Should address achieving coverage of expected controls, depth of assurance, both automated and manual approaches, custom rules, rule management, rule deployment.<br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Arian Evans<br /> | summit_session_leader_email1 = <br /> | summit_session_leader_username1 =<br /> <br /> | summit_session_leader_name2 = Dinis Cruz<br /> | summit_session_leader_email2 = dinis.cruz@owasp.org<br /> | summit_session_leader_username2 = Dinis.cruz<br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 =<br /> <br /> |-<br /> <br /> | operational_leader_name1 =<br /> | operational_leader_email1 =<br /> | operational_leader_username1 = <br /> <br /> |-<br /> <br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session092<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session092<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session085&diff=103166 Summit 2011 Working Sessions/Session085 2011-02-02T20:20:25Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Lucas C. Ferreira<br /> | summit_session_attendee_email1 = lucas.ferreira@owasp.org<br /> | summit_session_attendee_username1 = sapao<br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1=<br /> <br /> | summit_session_attendee_name2 = <br /> | summit_session_attendee_email2 = <br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2=<br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3=<br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4=<br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5 = <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6 = <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7 = <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8 = <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9 = <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10 = <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11 = <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12 = <br /> | summit_session_attendee_company12=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14 = <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15 = <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16 = <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17 = <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18 = <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19 = <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20 = <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._metrics.jpg]] <br /> | summit_ws_logo = [[Image:WS._metrics.jpg]]<br /> | summit_session_name = Common structure and numbering for all guides<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session085 <br /> | mailing_list =<br /> |-<br /> <br /> | short_working_session_description=<br /> The purpose of this session is to bring together the various document project leaders and other interested parties to discuss the establishment of a common document numbering system. This will also require that applicable document projects have a similar structure, at least in the areas associated with the numbering. That means this session will drive revisions to current projects. Additionally, this is an opportunity to discuss the overall alignment of the release document projects and how they fit into a secure development life cycle. <br /> <br /> Some of the document projects that would benefit from this activity include the following, but there are several others not listed :<br /> *[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]].........(What to do - Requirements),<br /> *[[OWASP Guide Project|OWASP Development Guide]].......................................(How to do it – Coding guidance),<br /> *[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide V2]].........................(How to do it – Ruby specific),<br /> *[[OWASP Testing Project|OWASP Testing Guide]]...........................................(How to test it – Pen Testing),<br /> *[[:Category:OWASP Code Review Project|OWASP Code Review Guide]].......................................( How to test it – Code Review),<br /> *[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard Project]]......(Verify and rate what was done),<br /> <br /> |-<br /> <br /> | related_project_name1 = <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1= <br /> <br /> | summit_session_objective_name2 = <br /> <br /> | summit_session_objective_name3 = <br /> <br /> | summit_session_objective_name4 = <br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = Projector, whiteboards, markers, Internet connectivity, power<br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence on this session of the participants of the Working Sessions below is advisable<br /> * [[Summit 2011 Working Sessions/Session052|'''OWASP Testing Guide''']]<br /> * [[Summit 2011 Working Sessions/Session066|'''Development Guide''']]<br /> * [[Summit 2011 Working Sessions/Session053|'''OWASP Java Project''']]<br /> * [[Summit 2011 Working Sessions/Session200|'''OWASP Secure Coding Practices Project''']]<br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = <br /> <br /> |summit_session_deliverable_name2 = <br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.n.turpin@boeing.com<br /> | summit_session_leader_username1 = Keith Turpin<br /> <br /> | summit_session_leader_name2 = Matteo Meucci<br /> | summit_session_leader_email2 = matteo.meucci@owasp.org<br /> | summit_session_leader_username2 = Mmeucci<br /> <br /> | summit_session_leader_name3 = Vishal Garg<br /> | summit_session_leader_email3 = vishalgrg@gmail.com<br /> | summit_session_leader_username3 = Vishal_Garg<br /> <br /> |-<br /> <br /> | operational_leader_name1 = Jim Manico<br /> | operational_leader_email1 = jim.manico@owasp.org<br /> | operational_leader_username1 = jmanico <br /> <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session085<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session085<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session200&diff=103155 Summit 2011 Working Sessions/Session200 2011-02-02T19:39:01Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = Matteo Meucci<br /> | summit_session_attendee_email1 = matteo.meucci@owasp.org<br /> | summit_session_attendee_username1 = Mmeucci<br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= <br /> <br /> | summit_session_attendee_name2 = <br /> | summit_session_attendee_email2 = <br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= <br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= <br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= <br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5= <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6= <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7= <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8= <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9= <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10= <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11= <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12= <br /> | summit_session_attendee_company12 =<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14= <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15= <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16= <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17= <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18= <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19= <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20= <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = OWASP Secure Coding Practices Project<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session200<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description = The purpose of this track is three fold:&lt;br&gt;<br /> 1. Introduce the project to those who are not yet familiar with it;&lt;br&gt;<br /> 2. Discuss what improvements can be made to the guide;&lt;br&gt;<br /> 3. Discuss what is needed to align the guide to the new common numbering and structure being developed.&lt;br&gt;<br /> <br /> |-<br /> <br /> | related_project_name1 = OWASP Secure Coding Practices - Quick Reference Guide<br /> | related_project_url_1 = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide<br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Improve visibility of this project to other document project leaders <br /> <br /> | summit_session_objective_name2 = Discussion and documenting suggested enhancements to the next version of the guide<br /> <br /> | summit_session_objective_name3 = Collaboration with other OWASP guides<br /> <br /> | summit_session_objective_name4 = Plan for implementation of common numbering schema<br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = <br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence of participants on the Working Session [[Summit 2011 Working Sessions/Session085|'''Common structure and numbering for all guides''']] is advisable. <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = An updated outline for the Quick Reference Guide that is tied into the new OWASP common numbering scheme<br /> <br /> |summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Quick Reference Guide<br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.turpin@owasp.org<br /> | summit_session_leader_username1 = Keith Turpin<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 = <br /> | operational_leader_email1 = <br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session200<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session200<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session200&diff=103088 Summit 2011 Working Sessions/Session200 2011-02-02T17:45:09Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = <br /> | summit_session_attendee_email1 = <br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= <br /> <br /> | summit_session_attendee_name2 = <br /> | summit_session_attendee_email2 = <br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= <br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= <br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= <br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5= <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6= <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7= <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8= <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9= <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10= <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11= <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12= <br /> | summit_session_attendee_company12 =<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14= <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15= <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16= <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17= <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18= <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19= <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20= <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = OWASP Secure Coding Practices Project<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session200<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description = The purpose of this track is three fold:&lt;br&gt;<br /> 1. Introduce the project to those who are not yet familiar with it;&lt;br&gt;<br /> 2. Discuss what improvements can be made to the guide;&lt;br&gt;<br /> 3. Discuss what is needed to align the guide to the new common numbering and structure being developed.&lt;br&gt;<br /> <br /> |-<br /> <br /> | related_project_name1 = OWASP Secure Coding Practices - Quick Reference Guide<br /> | related_project_url_1 = http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide<br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Improve visibility of this project to other document project leaders <br /> <br /> | summit_session_objective_name2 = Discussion and documenting suggested enhancements to the next version of the guide<br /> <br /> | summit_session_objective_name3 = Collaboration with other OWASP guides<br /> <br /> | summit_session_objective_name4 = Plan for implementation of common numbering schema<br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = <br /> <br /> |-<br /> <br /> | working_session_additional_details = The presence of participants on the Working Session [[Summit 2011 Working Sessions/Session085|'''Common structure and numbering for all guides''']] is advisable. <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = An updated outline for the Quick Reference Guide that is tied into the new OWASP common numbering scheme<br /> <br /> |summit_session_deliverable_name2 = A short white paper with ideas for revisions to the Quick Reference Guide<br /> <br /> |summit_session_deliverable_name3 = <br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.turpin@owasp.org<br /> | summit_session_leader_username1 = Keith Turpin<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 = <br /> | operational_leader_email1 = <br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session200<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session200<br /> }}</div> Keith Turpin https://wiki.owasp.org/index.php?title=Summit_2011_Working_Sessions/Session200&diff=102890 Summit 2011 Working Sessions/Session200 2011-02-01T06:35:21Z <p>Keith Turpin: </p> <hr /> <div>{{Template:&lt;includeonly&gt;{{{1}}}&lt;/includeonly&gt;&lt;noinclude&gt;Summit 2011 Working Sessions test tab&lt;/noinclude&gt;<br /> |-<br /> <br /> | summit_session_attendee_name1 = <br /> | summit_session_attendee_email1 = <br /> | summit_session_attendee_username1 = <br /> | summit_session_attendee_company1=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed1= <br /> <br /> | summit_session_attendee_name2 = <br /> | summit_session_attendee_email2 = <br /> | summit_session_attendee_username2 = <br /> | summit_session_attendee_company2=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed2= <br /> <br /> | summit_session_attendee_name3 = <br /> | summit_session_attendee_email3 = <br /> | summit_session_attendee_username3 = <br /> | summit_session_attendee_company3=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed3= <br /> <br /> | summit_session_attendee_name4 = <br /> | summit_session_attendee_email4 = <br /> | summit_session_attendee_username4 = <br /> | summit_session_attendee_company4=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed4= <br /> <br /> | summit_session_attendee_name5 = <br /> | summit_session_attendee_email5 = <br /> | summit_session_attendee_username5= <br /> | summit_session_attendee_company5=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed5=<br /> <br /> | summit_session_attendee_name6 = <br /> | summit_session_attendee_email6 = <br /> | summit_session_attendee_username6= <br /> | summit_session_attendee_company6=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed6=<br /> <br /> | summit_session_attendee_name7 = <br /> | summit_session_attendee_email7 = <br /> | summit_session_attendee_username7= <br /> | summit_session_attendee_company7=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed7=<br /> <br /> | summit_session_attendee_name8 = <br /> | summit_session_attendee_email8 = <br /> | summit_session_attendee_username8= <br /> | summit_session_attendee_company8=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed8=<br /> <br /> | summit_session_attendee_name9 = <br /> | summit_session_attendee_email9 = <br /> | summit_session_attendee_username9= <br /> | summit_session_attendee_company9=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed9=<br /> <br /> | summit_session_attendee_name10 = <br /> | summit_session_attendee_email10 = <br /> | summit_session_attendee_username10= <br /> | summit_session_attendee_company10=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed10=<br /> <br /> | summit_session_attendee_name11 = <br /> | summit_session_attendee_email11 = <br /> | summit_session_attendee_username11= <br /> | summit_session_attendee_company11=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed11=<br /> <br /> | summit_session_attendee_name12 = <br /> | summit_session_attendee_email12 = <br /> | summit_session_attendee_username12= <br /> | summit_session_attendee_company12 =<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed12=<br /> <br /> | summit_session_attendee_name13 = <br /> | summit_session_attendee_email13 = <br /> | summit_session_attendee_username13 = <br /> | summit_session_attendee_company13=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed13=<br /> <br /> | summit_session_attendee_name14 = <br /> | summit_session_attendee_email14 = <br /> | summit_session_attendee_username14= <br /> | summit_session_attendee_company14=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed14= <br /> <br /> | summit_session_attendee_name15 = <br /> | summit_session_attendee_email15 = <br /> | summit_session_attendee_username15= <br /> | summit_session_attendee_company15=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed15=<br /> <br /> | summit_session_attendee_name16 = <br /> | summit_session_attendee_email16 = <br /> | summit_session_attendee_username16= <br /> | summit_session_attendee_company16=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed16=<br /> <br /> | summit_session_attendee_name17 = <br /> | summit_session_attendee_email17 = <br /> | summit_session_attendee_username17= <br /> | summit_session_attendee_company17=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed17=<br /> <br /> | summit_session_attendee_name18 = <br /> | summit_session_attendee_email18 = <br /> | summit_session_attendee_username18= <br /> | summit_session_attendee_company18=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed18=<br /> <br /> | summit_session_attendee_name19 = <br /> | summit_session_attendee_email19 = <br /> | summit_session_attendee_username19= <br /> | summit_session_attendee_company19=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed19=<br /> <br /> | summit_session_attendee_name20 = <br /> | summit_session_attendee_email20 = <br /> | summit_session_attendee_username20= <br /> | summit_session_attendee_company20=<br /> | summit_session_attendee_notes,_reason_for_participating_and_issues_to_be discussed20=<br /> <br /> |-<br /> | summit_track_logo = [[Image:T._individual_projects.jpg]]<br /> | summit_ws_logo = [[Image:WS._individual_projects.jpg]]<br /> | summit_session_name = OWASP Secure Coding Practices Project<br /> | summit_session_url = http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session200<br /> | mailing_list =<br /> <br /> |-<br /> <br /> | short_working_session_description = The purpose of this track is three fold:<br /> | 1. Introduce the project to those who are not yet familiar with it<br /> | 2. Discuss what improvements can be made to the guide<br /> | 3. Discuss what is needed to establish a baseline categorization and numbering schema that works across document projects.<br /> <br /> |-<br /> <br /> | related_project_name1 = <br /> | related_project_url_1 = <br /> <br /> | related_project_name2 = <br /> | related_project_url_2 = <br /> <br /> | related_project_name3 = <br /> | related_project_url_3 = <br /> <br /> | related_project_name4 = <br /> | related_project_url_4 = <br /> <br /> | related_project_name5 = <br /> | related_project_url_5 = <br /> <br /> |-<br /> <br /> | summit_session_objective_name1 = Improve visibility of this project to other document project leaders <br /> <br /> | summit_session_objective_name2 = Discussion on enhancements to the next version of the development guide<br /> <br /> | summit_session_objective_name3 = Collaboration with other OWASP guides<br /> <br /> | summit_session_objective_name4 = Discuss what is needed to establish a baseline categorization and numbering schema that works across document projects<br /> <br /> | summit_session_objective_name5 = <br /> <br /> |-<br /> <br /> | working_session_date_and_time = <br /> <br /> |-<br /> <br /> | discussion_model = participants and attendees<br /> <br /> |-<br /> <br /> | operational_resources = <br /> <br /> |-<br /> <br /> | working_session_additional_details = <br /> <br /> |-<br /> <br /> |summit_session_deliverable_name1 = An agreed to new common document structure and numbering system<br /> <br /> |summit_session_deliverable_name2 = An updated outline for the Quick Reference Guide that is tied into the new OWASP common numbering scheme<br /> <br /> |summit_session_deliverable_name3 = A short white paper with ideas for revisions to the Quick Reference Guide<br /> <br /> |summit_session_deliverable_name4 = <br /> <br /> |summit_session_deliverable_name5 = <br /> <br /> |summit_session_deliverable_name6 = <br /> <br /> |summit_session_deliverable_name7 = <br /> <br /> |summit_session_deliverable_name8 = <br /> <br /> |-<br /> <br /> | summit_session_leader_name1 = Keith Turpin<br /> | summit_session_leader_email1 = keith.turpin@owasp.org<br /> | summit_session_leader_username1 = Keith Turpin<br /> <br /> | summit_session_leader_name2 = <br /> | summit_session_leader_email2 = <br /> | summit_session_leader_username2 = <br /> <br /> | summit_session_leader_name3 = <br /> | summit_session_leader_email3 = <br /> | summit_session_leader_username3 = <br /> <br /> |-<br /> <br /> | operational_leader_name1 = <br /> | operational_leader_email1 = <br /> | operational_leader_username1 = <br /> |-<br /> <br /> | meeting_notes = <br /> <br /> |-<br /> | session_name_mask = &lt;!--Please replace DO NOT EDIT this string --&gt; Session200<br /> | session_home_page = &lt;!--Please replace DO NOT EDIT this string --&gt; Summit_2011_Working_Sessions/Session200<br /> }}</div> Keith Turpin