https://wiki.owasp.org/index.php?action=history&feed=atom&title=User%3AThomas_Herlea%2FNotes
User:Thomas Herlea/Notes - Revision history
2026-04-04T16:29:49Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=User:Thomas_Herlea/Notes&diff=89020&oldid=prev
Thomas Herlea: Layed out vision for modular organisation of knowledge on security issues
2010-09-09T17:41:22Z
<p>Layed out vision for modular organisation of knowledge on security issues</p>
<p><b>New page</b></p><div>= How to Organise OWASP Knowledge With Transclusion =<br />
<br />
By splitting knowledge into modules along orthogonal axes it becomes possible to aggregate them by transclusion into articles which go into the most appropriate level of detail. All related articles (which transclude the same module) get updated at the same time when the module is updated. Modules are implemented as articles themselves.<br />
<br />
<br />
{| border="1"<br />
|-<br />
| ''Article Names''<br />
! SQLI<br />
! XSS<br />
! CSRF<br />
|-<br />
! Description<br />
| Description_of_SQLI<br />
| Description_of_XSS<br />
| Description_of_CSRF<br />
|-<br />
! Testing for Issue<br />
| Testing_for_SQLI<br />
| Testing_for_XSS<br />
| Testing_for_CSRF<br />
|-<br />
! Looking for Issue During Review<br />
| Reviewing_for_SQLI<br />
| Reviewing_for_XSS<br />
| Reviewing_for_CSRF<br />
|-<br />
! Avoiding the Issue<br />
| Avoiding_SQLI<br />
| Avoiding_XSS<br />
| Avoiding_CSRF<br />
|}<br />
<br />
== Authoritative Articles on Security Issues ==<br />
<br />
Authoritative articles on security issues could be formed by transcluding modules per column:<br />
<br />
{| border="1"<br />
|-<br />
| <br />
! SQLI<br />
! XSS<br />
! CSRF<br />
|-<br />
! Description<br />
| style="background:yellow" | A<br />
| B<br />
| C<br />
|-<br />
! Testing for Issue<br />
| style="background:yellow" | A<br />
| B<br />
| C<br />
|-<br />
! Looking for Issue During Review<br />
| style="background:yellow" | A<br />
| B<br />
| C<br />
|-<br />
! Avoiding the Issue<br />
| style="background:yellow" | A<br />
| B<br />
| C<br />
|}<br />
<br />
The authoritative article on SQLI would consist of the modules labelled "<span style="background:yellow">A</span>" etc.<br />
<br />
== Books on Security Practices ==<br />
<br />
Books on security practices could address security issues by transcluding partial columns:<br />
<br />
{| border="1"<br />
|-<br />
| <br />
! SQLI<br />
! XSS<br />
! CSRF<br />
|-<br />
! Description<br />
| style="background:yellow" | X, Y, Z<br />
| style="background:yellow" | X, Y, Z<br />
| style="background:yellow" | X, Y, Z<br />
|-<br />
! Testing for Issue<br />
| X<br />
| X<br />
| X<br />
|-<br />
! Looking for Issue During Review<br />
| style="background:yellow" | Y<br />
| style="background:yellow" | Y<br />
| style="background:yellow" | Y<br />
|-<br />
! Avoiding the Issue<br />
| Z<br />
| Z<br />
| Z<br />
|}<br />
<br />
The OWASP Code Review Guide would consist of modules labelled "<span style="background:yellow">Y</span>" (for each security issue there is its description and how to look for it during review) etc.</div>
Thomas Herlea