OWASP ASDR Workplan

Revision as of 09:41, 7 May 2008 by Leocavallari (Talk | contribs)


ASDR Project

This page defines the workplan for the ASDR Project. We are looking to release version 1.0 on August 1, 2008.

If you want to help, please contact Leonardo Cavallari to volunteer to draft or review a section of the ASDR Table Of Contents.

Also, a free draft book of the ASDR Project is available at lulu.com. It can help with article development and filtering.

Work Plan

This section defines the Work Plan for the ASDR Project. An ASDR Mindmap was created to give an overview of the project structure, subcategories and activities specified below. I strongly suggest taking a look at it.

The project has 2 main phases:

Articles development

We need volunteers to develop articles. Authors should choose a set of them from the ASDR Table Of Contents, otherwise we'll assign some. The following "rules" should be considered:

1) Identify duplicate articles: There are articles classified as vulnerabilities that are actually attacks, and vice versa. The same happens within other categories. Once someone takes an article, let's say Cross Site Scripting, he/she will need to look up all articles listed in the TOC to identify related ones (like XSS, Alternate XSS Syntax, XSS in error pages, XSS using Script Via Encoded URI Schemes, etc.) and check whether it's possible to merge them into a single article.

Deciding whether merging fits better than keeping the articles separate takes some skill and good sense. The ASDR draft book can be useful for finding duplicates.

NOTE: We really encourage people to indicate which articles were merged by inserting the tag {{template:CandidateForDeletion}} at the top of merged articles, so we can clean up the wiki when the project is done.


2) Develop stubs and incomplete articles: At the time of writing, there are about 300 stub articles that deserve special attention. What we need here are some focused volunteers who can develop at least one article from scratch, based on the related template. We know that there are many smart guys (and some girls too :) ) reading this, so Let's Work it Out!

3) Identify and develop new articles, mainly for Principle, Technical Impact and Business Impact. If you notice a missing article, please let us know about it and feel free to develop it. We'll really appreciate it!

4) Erroneous/improper articles: these should be tagged with {{template:CandidateForDeletion}} at the top, so we can review them and decide whether to remove them.

5) Use the defined templates without deviation: see the bottom of this page.

6) Countermeasure category replacement: Category:Countermeasure is being replaced by Category:Control, so any reference to it should be updated as well.

7) Attack articles: They are mostly complete (developed for OWASP_Spring_Of_Code_2007) and just need some adjustment to the new template.

8) Add references from other OWASP projects: Testing Guide, Code Review and Building Guide.

Revision Phase

Once the articles are finished, other volunteers will be needed to start the revision phase. Here, a set of tasks should be respected:

1) Article Contents!

2) Categories and classification: verify that the article was correctly subcategorized within its type.

3) Template compliance: verify that the article template was respected.

4) Add article ID: insert an article ID sequentially. More details in the near future.

Templates

Here are the templates for the various types of articles: