OWASP Guide Project Roadmap

The project team is setting out to make the Development Guide useful as a list of appropriate controls for the creation of web applications, SOAP and REST web services and Ajax front ends.

Current status
The current draft has a great deal of material ready to be donated to the ADSR and other Guides. These will be shifted by Kirsten Sitnick, our technical editor.

The remaining material needs to be re-written to be consistent in form throughout, and concentrate solely on controls. If there are issues with a particular control, these should be highlighted in the Testing or Code Review Guide, with only a short explanation in the Development Guide.

Complete
None

Technical Edits

 * Frontispiece 0%
 * About The Open Web Application Security Project 0%
 * Introduction 0%
 * What are web applications? (TBA - may go entirely)
 * Policy Frameworks (TBA - may go entirely)
 * Secure Coding Principles
 * Threat Risk Modeling
 * Handling E-Commerce Payments (TBA - may be rolled into common business scenarios)
 * Phishing (TBA - may be rolled into common business scenarios)
 * Web Services (TBA - most likely will be donated to the WS project)
 * Ajax and Other "Rich" Interface Technologies (TBA - most likely will be donated to the Ajax project)
 * Authentication 0%
 * Authorization 0%
 * Session Management 0%
 * Validation 0%
 * Canonicalization, locale and Unicode (TBA - may be rolled into data validation)
 * Presentation Layer 0% - not written yet
 * Business Logic 0% - not written yet
 * Data Layer 0% - not written yet
 * File System 0%
 * Distributed Computing 0%
 * Interpreter Injection (TBA - most likely will be rolled into Testing and Code Review Guides)
 * Error Handling, Auditing and Logging 0%
 * Buffer Overflows 0% - TBA - may remove entirely
 * Administrative Interfaces 0%
 * Cryptography 0%
 * Configuration 0%
 * Software Quality Assurance 0%
 * Deployment 0%
 * Maintenance 0%
 * GNU Free Documentation License (TBA - will change to CC SA license)
 * References 0%

Re-writes

 * Frontispiece 0%
 * About The Open Web Application Security Project 0%
 * Introduction 0%
 * What are web applications? (TBA - may go entirely)
 * Policy Frameworks (TBA - may go entirely)
 * Secure Coding Principles
 * Threat Risk Modeling
 * Handling E-Commerce Payments (TBA - may be rolled into common business scenarios)
 * Phishing (TBA - may be rolled into common business scenarios)
 * Web Services (TBA - most likely will be donated to the WS project)
 * Ajax and Other "Rich" Interface Technologies (TBA - most likely will be donated to the Ajax project)
 * Authentication 0%
 * Authorization 0%
 * Session Management 0%
 * Validation 0%
 * Canonicalization, locale and Unicode (TBA - may be rolled into data validation)
 * Presentation Layer 0% - not written yet
 * Business Logic 0% - not written yet
 * Data Layer 0% - not written yet
 * File System 0%
 * Distributed Computing 0%
 * Interpreter Injection (TBA - most likely will be rolled into Testing and Code Review Guides)
 * Error Handling, Auditing and Logging 0%
 * Buffer Overflows 0% - TBA - may remove entirely
 * Administrative Interfaces 0%
 * Cryptography 0%
 * Configuration 0%
 * Software Quality Assurance 0%
 * Deployment 0%
 * Maintenance 0%
 * GNU Free Documentation License (TBA - will change to CC SA license)
 * References 0%

Overall progress
0%