Hacker News
OWASP Developer Guide (github.com/owasp)
35 points by arunc on May 30, 2014 | 13 comments



The "Cryptography Guide" under the "Build" section of this work is truly a work of... some sort.

https://github.com/OWASP/DevGuide/blob/master/DevGuide3.0/03...


Perhaps the idea is to annoy knowledgeable people enough that they will rise up and edit until OWASP is left with an actually-decent reference?


This has been its state for quite a few years now.


I really want OWASP to be high quality and up-to-date because I feel like there are too many commercial efforts out there; it takes away from the old school hacker community spirit to see all these books on Amazon, hack this, and hack that. OWASP folks are really great people, and I feel like there could be more urgency and edge to what they do.


Since it appears to be completely non-obvious what is going on here, this is an in-development update of the current development guide (https://www.owasp.org/index.php/Category:OWASP_Guide_Project). More info in that link.


This is like... seriously one of the worst documents I've ever read.


Is the meaning of OWASP a commonly known thing? I've never heard of it and their GitHub repository README fails to expand on its meaning.


It's a community of web application security professionals of varying sorts. It's a very weird organization.


I don't understand why web professionals are publishing their work in .docx format, whatever the standard of the writing.


OWASP is a fantastic organisation of Web Application Professionals. Some of their early work was the publication of the OWASP Top Ten, which went a long way to highlighting the importance of web application security to organisations.

But they have become less and less relevant in recent years, rather than more relevant. Their previous work on the OWASP Testing Guide and OWASP Developer Guide is excellent, but is becoming dated now; there are several efforts to bring this up to date.


The Open Web App Security Project has a pretty good (but alas not very up-to-date) catalogue of common web application exploits.


Could you point me to alternatives that are more up-to-date?


Nope. There is a presentation on cookie tossing, but scant else.



