User:Thomas Herlea/Notes

From OWASP
< User:Thomas Herlea
Revision as of 12:41, 9 September 2010 by Thomas Herlea (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to Organise OWASP Knowledge With Transclusion

By splitting knowledge into modules along orthogonal axes it becomes possible to aggregate them by transclusion into articles which go into the most appropriate level of detail. All related articles (which transclude the same module) get updated at the same time when the module is updated. Modules are implemented as articles themselves.


Article Names SQLI XSS CSRF
Description Description_of_SQLI Description_of_XSS Description_of_CSRF
Testing for Issue Testing_for_SQLI Testing_for_XSS Testing_for_CSRF
Looking for Issue During Review Reviewing_for_SQLI Reviewing_for_XSS Reviewing_for_CSRF
Avoiding the Issue Avoiding_SQLI Avoiding_XSS Avoiding_CSRF

Authoritative Articles on Security Issues

Authoritative articles on security issues could be formed by transcluding modules per column:

SQLI XSS CSRF
Description A B C
Testing for Issue A B C
Looking for Issue During Review A B C
Avoiding the Issue A B C

The authoritative article on SQLI would consist of the modules labelled "A" etc.

Books on Security Practices

Books on security practices could address security issues by transcluding partial columns:

SQLI XSS CSRF
Description X, Y, Z X, Y, Z X, Y, Z
Testing for Issue X X X
Looking for Issue During Review Y Y Y
Avoiding the Issue Z Z Z

The OWASP Code Review Guide would consist of modules labelled "Y" (for each security issue there is its description and how to look for it during review) etc.