Introduction
This book contains the blog posts written by Dinis Cruz on OWASP (and other philosophical ideas)
This section has the following chapters:
Change log:
Here are the changes made (per version):
v0.12 (07 April)
- Renamed all files (using a FluentSharp script) so that they all have underscores instead of spaces (making them easier to link in GitHub)
- Updated main README.md file. Added Table_of_Contents.md file for GitHub
- Added links to Table_of_Contents and all chapter README files
v0.11 (30 March)
- Created GitHub repo https://leanpub.com/Thoughts_OWASP (and added all previous DropBox content to that repo)
- Renamed ALL posts (to make it easier to read what they are about); set their extension to .md (for Markdown) and moved them into a ‘Chapter specific’ folder (which works when there are no images)
- Created the following chapters: “OWASP Organization”, “OWASP Projects”, “OWASP Summits”, “OWASP Education”, “OWASP MIA”, “Philosophy”, “Application Security Industry”
v0.10 (23 March)
- First release of the book with a raw import from Blogger posts (no formatting or editing done)
- Added cover to eBook version
Why This book
I put this book together because I wanted to capture the evolution of my ‘Thinking on OWASP’. Although I don’t think that all my thoughts/ideas are correct or any good, I do feel that some are OK and deserve to be preserved and shared.
I also think that it is important for the new generations of OWASP Leaders to understand the past and to learn from what has happened before. It is especially important to learn from others' mistakes (like mine).
Also captured in this book are a number of my ‘soul searching’ and ‘philosophy’-based posts. I hope you like them :)
GitHub Repository
The content (and version control) of this book is managed using Git. The GitHub repository is https://github.com/DinisCruz/Book_Thoughts_OWASP, and you are free to fork it and use the content as you please.
The selection criteria
The initial import from my blog was made up of 76 blog posts, which resulted in a book with 256 pages and 54,277 words. Part of that list were a number of posts that covered a wide range of OWASP topics (which is why I had tagged them with OWASP), but since this is more of an ‘ideas’ book, I used the following criteria to trim the content (also note that most of these posts will exist in other books).
Here are the posts removed:
Posts about specific OWASP projects
- “Another step in the use of ESAPI and AppSensor Jars from .Net/C# (using Jni4Net) “
- “Loading OWASP ESAPI jar and its dependencies from C# (using jni4net)”
- “Creating a clone of WebGoat on GitHub”
- “Help out with WebGoat .NET development”
- “Is this a safe way to do a .NET Server Redirects? (and deal with A10: Unvalidated Redirects and Forwards)”
- “O2 Script to create Google Static map with OWASP UK Chapter locations”
- “OWASP AppSensor and O2 Platform at Security B-Sides London”
- “Should Mass Assignment be an OWASP Top 10 Vulnerability?”
- “Stats used to support OWASP Top 10 entries (next version must publish them)”
- “Trying Google Groups as the OWASP O2 Platform mailing list”
- “WebGoat.NET in Action (and how I set-it up)”
Posts about specific OWASP Events (most of which are now not relevant)
- “Call For Training - OWASP 2013 LATAM Tour”
- “OWASP Connector January 22, 2013”
- “OWASP Connector January 8, 2013”
- “OWASP is Hiring a FT Event Manager (35k USD)”
- “OWASP Royal Holloway Next Chapter Meeting - Thurs 10 May :30-9pm”
- “Presenting at OWASP Turkey Chapter on Sat 10th of November (on Secure Continuous Delivery)”
- “The Projects Summit 2013 is happening: GET INVOLVED!!!!”
Misc topics
- “Great animation that shows how BootStrapToday works”
- “OWASP Press and using LeanPub with GitHub and DropBox”
- “SI Open Sources the Eclipse Plugin-development toolkit that I developed for TeamMentor”
- “SRE and Package HtmlAgilityPack Sanitizer as a stand alone module (at OWASP .Net)”
- “Submitting a request to the OWASP Platform”
- “To read: ENISA on ‘National Cyber Security Strategies’”
- “The Power of UnitTests when refactoring code (for example Security Pages)”
- “Using 99Designs for Design services”
- “What do the Twitter backups downloadable files look like”
- “Contract work to help with OWASP Wiki edits”