

OWASP Developer Guide - arunc
https://github.com/OWASP/DevGuide

======
tptacek
The "Cryptography Guide" under the "Build" section of this work is truly a
work of... some sort.

[https://github.com/OWASP/DevGuide/blob/master/DevGuide3.0/03...](https://github.com/OWASP/DevGuide/blob/master/DevGuide3.0/03-Build/0x11-Cryptography.md)

~~~
jessaustin
Perhaps the idea is to annoy knowledgeable people enough that they will rise
up and edit until OWASP is left with an actually-decent reference?

~~~
wglb
This has been its state for quite a few years now.

------
christianbryant
I really want OWASP to be high quality and up-to-date because I feel like
there are too many commercial efforts out there; it takes away from the old
school hacker community spirit to see all these books on Amazon, hack this,
and hack that. OWASP folks are really great people, and I feel like there
could be more urgency and edge to what they do.

------
InAnEmergency
Since it appears to be completely non-obvious what is going on here, this is
an in-development update of the current development guide
([https://www.owasp.org/index.php/Category:OWASP_Guide_Project](https://www.owasp.org/index.php/Category:OWASP_Guide_Project)).
More info in that link.

------
theboss
This is like....seriously one of the worst documents I've ever read.

------
jbranchaud
Is the meaning of OWASP a commonly known thing? I've never heard of it and
their GitHub repository README fails to expand on its meaning.

~~~
tptacek
It's a community of web application security professionals of varying sorts.
It's a very weird organization.

~~~
werkshy
I don't understand why web professionals are publishing their work in .docx
format, whatever the standard of the writing.

