Open amarinso opened 9 years ago
IMHO most of them are already documented. Maybe not in an obvious way so feel free to improve so we make a better impression. Also for direct object references we should properly extend documentation. See #86
I recently made a short summary of how I think the OASP documentation handles the OWASP Top 10 list. Feel free to edit the document and write your own comments.
https://docs.google.com/spreadsheets/d/142Eu-2HRrVSEmXddmsuj0Da5YjxkOY6RjHVH2ud_xBg/edit?usp=sharing
Wow @marpuch, I have to say that yours is an impressive work summarizing all the information. Good information, and it gives us tips on where to focus effort.
I think the online document will be better to work with and to consult, but we had to include it in the documentation somehow, so I've tried to put it in asciidoc format (https://github.com/oasp-forge/oasp4j-wiki/wiki/OWASP-Top-10-security-vulnerabilities) without success, as you can see. It is difficult to work with tables in asciidoc that are properly rendered both on the web and in PDF :-(
@marpuch :+1: great. Thanks. I added comments with prefix "JH:"
As we open-source our assets, IMHO we should only put a link from https://github.com/oasp/oasp4j/wiki/guide-security to https://github.com/devonfw/devon-enterprise/wiki/guide-security-introduction . Then we can close this. WDYT?
It can be a good idea to collect the actions spread across each section of the guide to show how the top 10 of OWASP are covered. That way we can also verify that we have them all covered.
It also serves as good marketing material to have this analysis in place.