Difference between revisions of "OWASP ASDR Workplan"

From OWASP
Jump to: navigation, search
(New page: ==ASDR Project== This page defines the workplan for ASDR Project. First, contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] to volunteer to draft or re...)
 
(Identify/Develop New articles)
 
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 
==ASDR Project==
 
==ASDR Project==
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]].
+
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]].
 +
If you want to help, please contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] and subscribe to [https://lists.owasp.org/mailman/listinfo/owasp-asdr-project ASDR Mailing List] to start contributing with the activitie described bellow.
  
First, contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] to volunteer to draft or review a section of the [[ASDR_Table_of_Contents|ASDR Table Of Contents]]. We are looking to release version 1.0 on August 1, 2008.
+
An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.
  
===Work Plan===
+
Also, articles should follow their respective template. Check the following wiki source articles when developing/reviewing an article:
This section defines the Work Plan for ASDR Project. An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look on it.
+
* [[Principle template]]
 +
* [[Threat Agent template]]
 +
* [[Attack template]]
 +
* [[Vulnerability template]]
 +
* [[Control template]]
 +
* [[Technical Impact template]]
 +
* [[Business Impact template]]
  
 +
==Active Tasks==
  
 +
===Articles development===
 +
We need volunteers to develop and review articles. In this sense, you should choose a set of them from [[ASDR_Table_of_Contents|ASDR Table Of Contents]], otherwise contact me that I'll assign you some. At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template.
  
'''1)Candidate for articles development and review.'''
+
All articles have related section for ASDR articles, external references and a threat modeling area that interlink with other OWASP projects: [[:Category:OWASP_Testing_Project|Testing Guide]], [[:Category:OWASP_Code_Review_Project|Code Review]] and [[:Category:OWASP_Guide_Project|Building Guide]]. Keep in mind to fill those sections properly.
  
'''2)Identify Duplicate articles among sections''': We noticed there are articles classified as vulnerabilities but that are actually attacks, and vice-versa. The same happens within other categories.
+
Any article that one judge improper or erroneous should be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of it and notified to project [https://lists.owasp.org/mailman/listinfo/owasp-asdr-project mailing list], so we can discuss about it.
So, once one takes an article, let's say [[Cross Site Scripting]], he/she will need to lookup up all articles listed in TOC to identify related ones (like [[XSS]], [[Alternate XSS Syntax]], [[XSS in error pages]], [[XSS using Script Via Encoded URI Schemes]], etc) and check if it’s possible to merge them into a unique article.
+
  
Here, it'll be necessary some skills and good sense to decide if merging fits better than keep separated.  
+
===Identify/Develop New articles===
 +
The section [[Principle]], [[Technical Impact]] and [[Business Impact]] need to be populated with articles. If you are missing an article, write a note to our mailing list and fell free to develop it. Remember to consider all above requirements.
  
NOTE: We really encourage people to inform which articles were merged by inserting <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of articles used to create one article, so we can clean up wiki when project is done.
+
Project reviewers have an important role over this topic!!!
  
 +
===Revision Phase===
 +
Project reviewers will be in charge of:
  
'''3)Develop Stubs and incomplete articles''': At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template. We know that are many smart guys (and some girls too :) ) reading this, so Let's Work it Out!
+
* Article Contents: check english terminology, content accurate/asertiviness.  
  
 +
* Categories and classification: verify if the article was correctly classified/categorized.
  
'''4)Identify and develop new articles''', mainly for [[Technical Impact]] and [[Business Impact]]. If you noticed that we are missing an article, please, let us know about it and fell free to develop it. We'll really appreciate!
+
* Template compliance: verify if the article template was respected.
  
 +
* Add article ID: insert an article ID sequentially. More details in near future.
  
'''5)Revision Phase''': Once articles are finished, it will be tagged as "drafted" and then other volunteers will start revision it.
 
  
===Last but not least===
+
==Future Task==
* Use the templates without deviations!
+
* The [[:Category:Countermeasure]] is being replaced by [[:Category:Control]], so the references on articles should be updated as well.
+
*[[Attack]] articles are mostly completed (developed for [[OWASP_Spring_Of_Code_2007]]) and just need some adjustment to new template.
+
* Every article identified as erroneous or improper may be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki > at top of it, so we can review and make decision to remove it.
+
* Any doubt, contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari]!
+
  
==Templates==
+
To be defined after EU Summit 08
  
Here are the templates for the various types of articles:
 
  
* [[Principle template]]
+
[[Category:OWASP ASDR Project]]
* [[Threat Agent template]]
+
* [[Attack template]]
+
* [[Vulnerability template]]
+
* [[Control template]]
+
* [[Technical Impact template]]
+
* [[Business Impact template]]
+

Latest revision as of 15:05, 18 October 2008

ASDR Project

This page defines the workplan for ASDR Project. If you want to help, please contact Leonardo Cavallari and subscribe to ASDR Mailing List to start contributing with the activitie described bellow.

An ASDR Mindmap was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.

Also, articles should follow their respective template. Check the following wiki source articles when developing/reviewing an article:

Active Tasks

Articles development

We need volunteers to develop and review articles. In this sense, you should choose a set of them from ASDR Table Of Contents, otherwise contact me that I'll assign you some. At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template.

All articles have related section for ASDR articles, external references and a threat modeling area that interlink with other OWASP projects: Testing Guide, Code Review and Building Guide. Keep in mind to fill those sections properly.

Any article that one judge improper or erroneous should be tagged with {{template:CandidateForDeletion}} at top of it and notified to project mailing list, so we can discuss about it.

Identify/Develop New articles

The section Principle, Technical Impact and Business Impact need to be populated with articles. If you are missing an article, write a note to our mailing list and fell free to develop it. Remember to consider all above requirements.

Project reviewers have an important role over this topic!!!

Revision Phase

Project reviewers will be in charge of:

  • Article Contents: check english terminology, content accurate/asertiviness.
  • Categories and classification: verify if the article was correctly classified/categorized.
  • Template compliance: verify if the article template was respected.
  • Add article ID: insert an article ID sequentially. More details in near future.


Future Task

To be defined after EU Summit 08