Difference between revisions of "OWASP ASDR Workplan"

From OWASP
(Identify/Develop New articles)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 
==ASDR Project==
 
==ASDR Project==
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]]. We are looking to release version 1.0 on August 1, 2008.
+
This page defines the workplan for [[OWASP_ASDR_Project|ASDR Project]].  
 +
If you want to help, please contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] and subscribe to [https://lists.owasp.org/mailman/listinfo/owasp-asdr-project ASDR Mailing List] to start contributing with the activitie described bellow.
  
If you want to help, please contact [mailto:leonardocavallari@gmail.com Leonardo Cavallari] to volunteer to draft or review a section of the [[ASDR_Table_of_Contents|ASDR Table Of Contents]].
+
An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.
  
Also, a free draft book of ASDR Project is available at[http://www.lulu.com lulu.com] . It can help you on articles development and filtering.
+
Also, articles should follow their respective template. Check the following wiki source articles when developing/reviewing an article:
 +
* [[Principle template]]
 +
* [[Threat Agent template]]
 +
* [[Attack template]]
 +
* [[Vulnerability template]]
 +
* [[Control template]]
 +
* [[Technical Impact template]]
 +
* [[Business Impact template]]
  
==Work Plan==
+
==Active Tasks==
This section defines the Work Plan for ASDR Project. An [[Media:OWASP_ASDR.jpeg|ASDR Mindmap]] was created to give an Overview of project structure, subcategories and activities specified below. I strongly suggest to take a look at it.
+
 
+
The project has 2 main phases:
+
  
 
===Articles development===
 
===Articles development===
We need volunteers to develop articles. The authors should choose a set of them from [[ASDR_Table_of_Contents|ASDR Table Of Contents]], otherwise we'll assign some. The following "rules" should be considered:
+
We need volunteers to develop and review articles. In this sense, you should choose a set of them from [[ASDR_Table_of_Contents|ASDR Table Of Contents]], otherwise contact me that I'll assign you some. At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template.
  
'''1) Identify Duplicate articles among sections''': There are articles classified as vulnerabilities but that are actually attacks, and vice-versa. The same happens within other categories.
+
All articles have related section for ASDR articles, external references and a threat modeling area that interlink with other OWASP projects: [[:Category:OWASP_Testing_Project|Testing Guide]], [[:Category:OWASP_Code_Review_Project|Code Review]] and [[:Category:OWASP_Guide_Project|Building Guide]]. Keep in mind to fill those sections properly.
Once one takes an article, let's say [[Cross Site Scripting]], he/she will need to lookup up all articles listed in TOC to identify related ones (like [[XSS]], [[Alternate XSS Syntax]], [[XSS in error pages]], [[XSS using Script Via Encoded URI Schemes]], etc) and check if it’s possible to merge them into a unique article.
+
  
Here, it'll be necessary some skills and good sense to decide if merging fits better than keep separated.  
+
Any article that one judge improper or erroneous should be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of it and notified to project [https://lists.owasp.org/mailman/listinfo/owasp-asdr-project mailing list], so we can discuss about it.
  
NOTE: We really encourage people to inform which articles were merged by inserting this tag <nowiki>{{template:CandidateForDeletion}}</nowiki> at top of merged articles, so we can clean up wiki when project is done.
+
===Identify/Develop New articles===
 +
The section [[Principle]], [[Technical Impact]] and [[Business Impact]] need to be populated with articles. If you are missing an article, write a note to our mailing list and fell free to develop it. Remember to consider all above requirements.
  
 +
Project reviewers have an important role over this topic!!!
  
'''2) Develop Stubs and incomplete articles''': At time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers that can develop at least one article from the scratch, based on the related template. We know that are many smart guys (and some girls too :) ) reading this, so Let's Work it Out!
+
===Revision Phase===
 +
Project reviewers will be in charge of:
  
'''3) Identify and develop new articles''', mainly for [[Principle]], [[Technical Impact]] and [[Business Impact]]. If you notice a  missing article, please, let us know about it and fell free to develop it. We'll really appreciate!
+
* Article Contents: check english terminology, content accurate/asertiviness.  
  
'''4) Erroneous/Improper articles''': it should be tagged with <nowiki>{{template:CandidateForDeletion}}</nowiki > at top of it, so we can review and make decision to remove it.
+
* Categories and classification: verify if the article was correctly classified/categorized.
  
'''5) Use the templates defined without deviations''': see at the bottom.
+
* Template compliance: verify if the article template was respected.
  
'''6) Countermeasure category replacement''': The [[:Category:Countermeasure]] is being replaced by [[:Category:Control]], so any reference for it should be updated as well.
+
* Add article ID: insert an article ID sequentially. More details in near future.
  
'''7) [[Attack]] articles''': They are mostly completed (developed for [[OWASP_Spring_Of_Code_2007]]) and just need some adjustment to new template.
 
'''8) Add references''': from other OWASP projects ([[:Category:OWASP_Testing_Project|Testing Guide]] where appropriate
 
  
===Revision Phase===
+
==Future Task==
Once articles are finished, it will need other volunteers to start revision phase. Here, a set of tasks should be respected:
+
  
'''1)Article Contents!'''
+
To be defined after EU Summit 08
  
'''2)Categories and classification''': verify if the article was correctly subcategorized within its type.
 
 
'''3)Template compliance''': verify if the article template was respected.
 
 
'''4)Add article ID''': insert an article ID sequentially. More details in near future.
 
 
==Templates==
 
 
Here are the templates for the various types of articles:
 
 
* [[Principle template]]
 
* [[Threat Agent template]]
 
* [[Attack template]]
 
* [[Vulnerability template]]
 
* [[Control template]]
 
* [[Technical Impact template]]
 
* [[Business Impact template]]
 
  
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
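
Review bot: the rewritten "Articles development" section drops two rules from the earlier revision without replacing them. These are the step on identifying duplicate articles among sections (including the note to tag merged articles with {{template:CandidateForDeletion}}) and the notice that [[:Category:Countermeasure]] is being replaced by [[:Category:Control]]. The "Add references" task is also gone, though the new paragraph about filling in the related sections partly covers it. If the duplicate-merging and category-replacement rules still apply, restore them under "Active Tasks"; if they are finished or abandoned, say so in the edit summary so contributors know the change is intentional.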

Latest revision as of 15:05, 18 October 2008

ASDR Project

This page defines the workplan for the ASDR Project. If you want to help, please contact Leonardo Cavallari and subscribe to the ASDR Mailing List to start contributing to the activities described below.

An ASDR Mindmap was created to give an overview of the project structure, subcategories and activities specified below. I strongly suggest taking a look at it.

Also, articles should follow their respective template. Check the following wiki source articles when developing/reviewing an article:

  • Principle template
  • Threat Agent template
  • Attack template
  • Vulnerability template
  • Control template
  • Technical Impact template
  • Business Impact template

Active Tasks

Articles development

We need volunteers to develop and review articles. Choose a set of them from the ASDR Table Of Contents; otherwise, contact me and I'll assign you some. At the time of writing, there are about 300 stub articles that deserve special attention. What we need here are focused volunteers who can each develop at least one article from scratch, based on the related template.

All articles have a related section for ASDR articles, external references, and a threat modeling area that interlinks with other OWASP projects: Testing Guide, Code Review and Building Guide. Keep in mind to fill in those sections properly.

Any article that you judge improper or erroneous should be tagged with {{template:CandidateForDeletion}} at the top, and the project mailing list should be notified so we can discuss it.

Identify/Develop New articles

The Principle, Technical Impact and Business Impact sections need to be populated with articles. If you find an article is missing, write a note to our mailing list and feel free to develop it. Remember to consider all of the above requirements.

Project reviewers have an important role in this topic!

Revision Phase

Project reviewers will be in charge of:

  • Article Contents: check English terminology and content accuracy/assertiveness.
  • Categories and classification: verify that the article was correctly classified/categorized.
  • Template compliance: verify that the article template was respected.
  • Add article ID: insert an article ID sequentially. More details in the near future.


Future Task

To be defined after EU Summit 08