User:Thomas Herlea/Notes
How to Organise OWASP Knowledge With Transclusion
By splitting knowledge into modules along orthogonal axes it becomes possible to aggregate them by transclusion into articles which go into the most appropriate level of detail. All related articles (which transclude the same module) get updated at the same time when the module is updated. Modules are implemented as articles themselves.
| Article Names | SQLI | XSS | CSRF |
|---|---|---|---|
| Description | Description_of_SQLI | Description_of_XSS | Description_of_CSRF |
| Testing for Issue | Testing_for_SQLI | Testing_for_XSS | Testing_for_CSRF |
| Looking for Issue During Review | Reviewing_for_SQLI | Reviewing_for_XSS | Reviewing_for_CSRF |
| Avoiding the Issue | Avoiding_SQLI | Avoiding_XSS | Avoiding_CSRF |
Authoritative Articles on Security Issues
Authoritative articles on security issues could be formed by transcluding modules per column:
| | SQLI | XSS | CSRF |
|---|---|---|---|
| Description | A | B | C |
| Testing for Issue | A | B | C |
| Looking for Issue During Review | A | B | C |
| Avoiding the Issue | A | B | C |
The authoritative article on SQLI would consist of the modules labelled "A" etc.
Books on Security Practices
Books on security practices could address security issues by transcluding partial columns:
| | SQLI | XSS | CSRF |
|---|---|---|---|
| Description | X, Y, Z | X, Y, Z | X, Y, Z |
| Testing for Issue | X | X | X |
| Looking for Issue During Review | Y | Y | Y |
| Avoiding the Issue | Z | Z | Z |
The OWASP Code Review Guide would consist of modules labelled "Y" (for each security issue there is its description and how to look for it during review) etc.
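As an added illustration of both schemes above (this wikitext is not part of the original notes), here is how one module, one authoritative article and one book chapter would be assembled in MediaWiki. It assumes the module articles live in the main namespace under the names from the first table; the leading colon in `{{:Name}}` tells MediaWiki to transclude a main-namespace page rather than a template, and the `<includeonly>`/`<noinclude>` tags control which parts of a module are copied into the articles that transclude it. The three sections are three separate wiki pages, shown together only for readability.

```wikitext
<!-- Page 1: the module article "Description_of_SQLI" (written once, edited here only) -->
<noinclude>
This page is a knowledge module. Edit it here; every article that transcludes it is updated automatically.
</noinclude><includeonly>
== Description ==
(module body: the description of SQL injection goes here)
</includeonly>

<!-- Page 2: the authoritative article on SQLI, i.e. the whole "A" column -->
{{:Description_of_SQLI}}
{{:Testing_for_SQLI}}
{{:Reviewing_for_SQLI}}
{{:Avoiding_SQLI}}

<!-- Page 3: the OWASP Code Review Guide, i.e. the partial "Y" column for each issue -->
== SQL Injection ==
{{:Description_of_SQLI}}
{{:Reviewing_for_SQLI}}

== Cross-Site Scripting ==
{{:Description_of_XSS}}
{{:Reviewing_for_XSS}}

== Cross-Site Request Forgery ==
{{:Description_of_CSRF}}
{{:Reviewing_for_CSRF}}
```

Because the module text lives in exactly one place, a correction to the SQLI description (for example, a newly recognised injection vector) propagates to the authoritative article, the Code Review Guide and the Testing Guide on the next render, which is the consistency property the notes above are after.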