Open sslHello opened 3 years ago
I've compiled a basic sheet showing a draft for the main headlines: OWASP_Proactive-Controls_2018_Basic_Data_DRAFT_20210819.xlsx
Which can be used to generate a machine-readable reference tree (Open Security Information Base): OWASP_Proactive-Controls_2018_Basic_OSIB-Attributes_DRAFT_20210819.xlsx PS: Link list has not been generated yet.
Hi, I am helping Jim out with maintaining this repository. Is this issue still ongoing? If I understood the linked proposal right, the basic idea would be to have stable IDs for all subtitles; this sounds like a good idea.
We're currently preparing v4 of the controls; any suggestion how best to incorporate your idea into them?
cheers, Andreas
Hi Andreas, thank you for asking. Yes, the idea is to have stable IDs for all titles and, if possible, for all subtitles, too. This helps to link from one project to the other within or outside OWASP. We'd love to use them for the next version of planned OWASP Top10:2024, too :-).
In the meantime OSIB has advanced to an OWASP project https://owasp.org/www-project-open-security-information-base/ that provides macros that can be used within mkdocs. All the technical stuff is done in the background:
For now, I have generated suggested IDs for the headlines of version 3 already, see appendix owasp_proactive_controls_3-0.md (with ID-content root: osib.owasp.opc.3) => you see the results in the YAML file https://raw.githubusercontent.com/OWASP/OSIB/main/osib.yml
Look for: "opc:" or "owasp proactive controls"
If you like it, you can use this as reference for the version management from version 4 to 3 using the OSIB Macro osib_anchor(osib=osib.owasp.opc.4., ... ],".
When you use the macro, this generates HTML anchors and a new osib.yaml file that can be provided to the OSIB project and other projects to automatically find the latest version(s) of a control (using the same YAML file).
Hint: The macro works, but the Python script needs to get in a nicer real Python style ...... I am looking for some volunteers that are interested to help me ;-) Cheers Torsten
@sslHello This took me longer than expected, but now we have both the 2018 and 2024 top 10 proactive controls in mkdocs format (see also top10proactive.owasp.org).
If I understood you directly, I would install the tool locally and then run it to add the new perma-links to the different # levels. Is there any way to automate this?
Hi, I wonder if you could generate stable IDs for main headlines or even more detailed subtitles as far as you like, please. This could help anybody to get a stable link to the proactive controls (e.g. references from the OWASP Top 10). The IDs should be structured ID numbers (like in a table of contents). If possible, these IDs should be usable as HTTP anchors to access them from other projects and documents. These IDs should stay stable within a version of the cheat sheets.
Please let me know if I can help you.
Thanks and Cheers Torsten