Difference between revisions of "OWASP ASDR Workplan"

(Articles development)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 
==ASDR Project==
 
==ASDR Project==
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]]. We are looking to release a quality version book on August 1, 2008.
+
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]].  
 +
If you want to help, please contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] to volunteer to create articles contents or review articles from [[ASDR_Table_of_Contents|ASDR Table Of Contents]].
  
If you want to help, please contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] to volunteer to draft or review a section of the [[ASDR_Table_of_Contents|ASDR Table Of Contents]].
+
An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.
  
Also, a free draft book of ASDR Project with more than 600 pages will be available for volunteers. It can help you on articles development and filtering.
+
Also, articles should follow their respective template. Check the following wiki source articles when developing/reviewing an article:
 +
* [[Principle template]]
 +
* [[Threat Agent template]]
 +
* [[Attack template]]
 +
* [[Vulnerability template]]
 +
* [[Control template]]
 +
* [[Technical Impact template]]
 +
* [[Business Impact template]]
  
==Work Plan==
 
This section defines the Work Plan for ASDR Project. An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.
 
  
The project has 2 main phases:
+
==Active Tasks==
  
 
===Articles development===
 
===Articles development===
We need volunteers to develop articles. The authors should choose a set of them from [[ASDR_Table_of_Contents|ASDR Table Of Contents]], otherwise we'll assign some. The following "rules" should be considered:
+
We need volunteers to develop and review articles. In this sense, you should choose a set of them from [[ASDR_Table_of_Contents|ASDR Table Of Contents]], otherwise contact me that I'll assign you some. At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template.
  
'''1) Identify Duplicate articles''': There are articles classified as vulnerabilities but that are actually attacks, and vice-versa. The same happens within other categories.
+
All articles have related section for ASDR articles, external references and a threat modeling area that interlink with other OWASP projects: [[:Category:OWASP_Testing_Project|Testing Guide]], [[:Category:OWASP_Code_Review_Project|Code Review]] and [[:Category:OWASP_Guide_Project|Building Guide]]. Keep in mind to fill those sections properly.
Once one takes an article, let's say [[Cross Site Scripting]], he/she will need to lookup up all articles listed in TOC to identify related ones (like [[XSS]], [[Alternate XSS Syntax]], [[XSS using Script Via Encoded URI Schemes]], etc) and check if it’s possible to merge them into a unique article.
+
  
Here, it'll be necessary some skills and good sense to decide if merging fits better than keep separated. The ASDR draft book can be useful to find dups.
+
Any article that one judge improper or erroneous should be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of it and notified to project [https://lists.owasp.org/mailman/listinfo/owasp-asdr-project mailing list], so we can discuss about it.
  
NOTE: We really encourage people to inform which articles were merged by inserting this tag <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of merged articles, so we can clean up wiki when project is done.
+
===Identify/Develop New articles===
 +
The section [[Principle]], [[Technical Impact]] and [[Business Impact]] need to be populated with articles. If you are missing an article, write a note to our mailing list and fell free to develop it. Remember to consider all above requirements.
  
 
'''2) Develop Stubs and incomplete articles''': At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template. We know that are many smart guys (and some girls too :) ) reading this, so Let's Work it Out!
 
 
'''3) Identify and develop new articles''', mainly for [[Principle]], [[Technical Impact]] and [[Business Impact]]. If you notice a  missing article, please, let us know about it and fell free to develop it. We'll really appreciate!
 
 
'''4) Erroneous/Improper articles''': it should be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki > at top of it, so we can review and make decision to remove it.
 
 
'''5) Use the templates defined without deviations''': see at the bottom.
 
 
'''6) Countermeasure category replacement''': The [[:Category:Countermeasure]] is being replaced by [[:Category:Control]], so any reference for it should be updated as well.
 
 
'''7) [[Attack]] articles''': They are mostly completed (developed for [[OWASP_Spring_Of_Code_2007]]) and just need some adjustment to new template.
 
 
'''8) Add references''': from other OWASP projects - [[:Category:OWASP_Testing_Project|Testing Guide]], [[:Category:OWASP_Code_Review_Project|Code Review]] and [[:Category:OWASP_Guide_Project|Building Guide]]
 
  
 
===Revision Phase===
 
===Revision Phase===
Once articles are finished, it will need other volunteers to start revision phase. Here, a set of tasks should be respected:
+
Project reviewers will be in charge of:
  
'''1)Article Contents!'''
+
'''1)Article Contents:''' check english terminology, content accurate/asertiviness.
  
'''2)Categories and classification''': verify if the article was correctly subcategorized within its type.
+
'''2)Categories and classification''': verify if the article was correctly classified/categorized.
  
 
'''3)Template compliance''': verify if the article template was respected.
 
'''3)Template compliance''': verify if the article template was respected.
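Review bot: The added lines in this hunk carry typos that go straight into the published workplan: "fell free" in the Identify/Develop New articles paragraph should be "feel free", and "content accurate/asertiviness" in reviewer task 1 should read "content accuracy/assertiveness". The rewrite also drops old rule 6 (updating references from [[:Category:Countermeasure]] to [[:Category:Control]]) and the duplicate-merging guidance from rule 1 without relocating them; if those instructions still apply to authors, keep them under Active Tasks.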
Line 48: Line 40:
 
'''4)Add article ID''': insert an article ID sequentially. More details in near future.
 
'''4)Add article ID''': insert an article ID sequentially. More details in near future.
  
==Templates==
 
 
Here are the templates for the various types of articles:
 
 
* [[Principle template]]
 
* [[Threat Agent template]]
 
* [[Attack template]]
 
* [[Vulnerability template]]
 
* [[Control template]]
 
* [[Technical Impact template]]
 
* [[Business Impact template]]
 
  
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]

Revision as of 14:36, 18 October 2008

ASDR Project

This page defines the workplan for the ASDR Project. If you want to help, please contact Leonardo Cavallari to volunteer to create article content or review articles from the ASDR Table Of Contents.

An ASDR Mindmap was created to give an overview of the project structure, subcategories and activities specified below. I strongly suggest taking a look at it.

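Articles should also follow their respective template. Check the following wiki source articles when developing or reviewing an article:

* Principle template
* Threat Agent template
* Attack template
* Vulnerability template
* Control template
* Technical Impact template
* Business Impact template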


Active Tasks

Articles development

We need volunteers to develop and review articles. Choose a set of them from the ASDR Table Of Contents; otherwise contact me and I'll assign you some. At the time of writing, there are about 300 stub articles that deserve special attention. What we need here are focused volunteers who can each develop at least one article from scratch, based on the related template.

All articles have a related section for ASDR articles, external references and a threat modeling area that interlinks with other OWASP projects: Testing Guide, Code Review and Building Guide. Keep in mind to fill in those sections properly.

Any article that you judge improper or erroneous should be tagged with {{template:CandidateForDeletion}} at the top and reported to the project mailing list, so we can discuss it.

Identify/Develop New articles

The sections Principle, Technical Impact and Business Impact need to be populated with articles. If you find that an article is missing, write a note to our mailing list and feel free to develop it. Remember to consider all the above requirements.


Revision Phase

Project reviewers will be in charge of:

1) Article Contents: check English terminology and content accuracy/assertiveness.

2) Categories and classification: verify that the article was correctly classified/categorized.

3) Template compliance: verify that the article template was respected.

4) Add article ID: insert an article ID sequentially. More details in the near future.