WebApp Sec: OWASP 2.0 beta 1 available for public comment

["Andrew van der Stock" <vanderaj () greebo net>]

Hi there,

The OWASP Guide 2.0 is due for release at Black Hat this year, and as such
we have to finish it sometime soon. As part of that process, I am
encouraging extremely robust debate and public comments. We want to make
sure that the Guide 2.0 will be a handy compendium for a little while.

The OWASP Guide 2.0 beta 1 available for download from Sourceforge:

http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62287&release_id=333866

PDF (1.5 MB)
MD5 (Guide2.0b1.pdf) = f455497c56c561043d4fdc5d13188064

Microsoft Word (545 kB compressed)
MD5 (Guide2.0b1.doc.zip) = ad6b3bedba4f30ac8aefd0e9feffd401

(Despite its size, the document is actually very structurally simple. I've
tested this with OpenOffice 1.1.2 on my Mac, and it opens fine, so feel
free to use that if you're not a MS fan)

If you have comments, please download the Word version, and mark that up
using Tracking Changes and the "comments" feature built into the reviewing
pane.  I can also view Acrobat comments, but prefer the Word version as
that's the native format.

Release Notes:

* It's not finished. Please don't tell me that :)

* Some sections are in a state of extreme flux. I'm happy to take comments
on chapters that seem in disrepair (such as the Session Management
chapter)

* Please avoid commenting on the data validation chapter as it's being
re-written from the ground up.

Please e-mail your comments directly to me with "OWASP Guide" in the subject.

Thanks,
Andrew