

Getting Web Application Security right from the start with OWASP ASVS - relaxnow
http://blog.ibuildings.com/2013/03/21/verifying-software-with-owasp-asvs/

======
laumars
_> It is said, conveniently enough mostly by software engineers, that building
software is perhaps the most complex activity humans have ever undertaken._

Who says this? Because while I agree that some pieces of software are hugely
complicated (writing a compiler, kernels, etc), I think it's massively
overstating things to describe web development as the pinnacle of complexity.
In fact I'd say it's a little insulting to doctors, physicists, engineers of
equipment that get deployed into space, and so on.

~~~
relaxnow
I've read that phrase (or derivations of it) multiple times, like the
"Programming is hard" phrase, but can't find a reference for you. I've updated
the article to say "one of" to at least weaken the statement. I agree that,
while massive (multi MLOC) webapps can be very complicated, it's certainly no
theoretical physics for instance.

Thank you for your time and feedback. Do you have any more feedback?

~~~
laumars
It's a nice overview. I could see myself referring to a document like this as
a convenient checklist when beta testing projects just prior to go-live.

If I was to find fault, it would be that the TL;DR section is a little
redundant as in its effort to be succinct (which the main body of the article
achieves anyway), you end up dumbing the content down to a point where it's
not actually expressing anything useful at all. But that's just my opinion and
I may well have missed the point of the TL;DR. :)

Good work though.

