OWASP / www-project-proactive-controls

OWASP Foundation Web Repository
Creative Commons Attribution Share Alike 4.0 International

Stable IDs for (sub-)Headlines of the Proactive Controls #8

Open sslHello opened 3 years ago

sslHello commented 3 years ago

Hi, I wonder if you could generate stable IDs for main headlines or even more detailed subtitles as far as you like, please. This could help anybody to get a stable link to the proactive controls (e.g. references from the OWASP Top 10). The IDs should be structured ID numbers (like in a table of contents). If possible these IDs should be usable as http-anchors to access them from other projects and documents. These IDs should stay stable within a version of the cheat sheets.

Please let me know if I can help you.

Thanks and Cheers Torsten

sslHello commented 3 years ago

I've compiled a basic sheet showing a draft for the main headlines: OWASP_Proactive-Controls_2018_Basic_Data_DRAFT_20210819.xlsx

sslHello commented 3 years ago

Which can be used to generate a machine readable reference tree (Open Security Information Base): OWASP_Proactive-Controls_2018_Basic_OSIB-Attributes_DRAFT_20210819.xlsx PS: Link list has not been generated, yet

andreashappe commented 7 months ago

Hi, I am helping jim out with maintaining this repository. Is this issue still ongoing? If I understood the linked proposal right, the basic idea would be to have stable ids for all subtitles, this sounds like a good idea.

We're currently preparing v4 of the controls, any suggestion how best to incorporate your idea into them?

cheers, Andreas

sslHello commented 7 months ago

Hi Andreas, thank you for asking. Yes, the idea is to have stable IDs for all titles and, if possible, for all subtitles, too. This helps to link from one project to the other within or outside OWASP. We'd love to use them for the next version of planned OWASP Top10:2024, too :-).

In the meantime OSIB has advanced to an OWASP project https://owasp.org/www-project-open-security-information-base/ that provides macros that can be used within mkdocs. All the technical stuff is done in the background.

For now, I have generated suggested IDs for the headlines of version 3 already, see appendix owasp_proactive_controls_3-0.md (with ID-content root: osib.owasp.opc.3) => you see the results in the YAML file https://raw.githubusercontent.com/OWASP/OSIB/main/osib.yml Look for: "opc:" or "owasp proactive controls"

If you like it, you can use this as reference for the version management from version 4 to 3 using the OSIB Macro osib_anchor(osib=osib.owasp.opc.4., ... and one of the attributes "predecessor=, split_from= or merged_from=[, ... ],". When you use the macro this generates html-anchors and a new osib.yaml file that can be provided to the OSIB project and other projects to find automatically the latest version(s) of a control (using the same yaml file).

Hint: The macro works, but the Python script needs to get in a nicer real Python style ... I am looking for some volunteers that are interested to help me ;-) Cheers Torsten

andreashappe commented 2 months ago

@sslHello This took me longer than expected, but now we have both the 2018 and 2024 top 10 proactive controls in mkdocs format (see also top10proactive.owasp.org).

If I understood you directly, I would install the tool locally and then run it to add the new perma-links to the different # levels. Is there any way to automate this?