Updates to Contribution guide from @meghanjacquot #1983
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@jmanico please approve this |
jmanico
reviewed
Jul 4, 2024
|
|
||
| The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. | ||
|
|
||
| The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. |
There was a problem hiding this comment.
This is a little wordy. Perhaps "The main goal of the OWASP Application Security Verification Standard (ASVS) Project is to make sure that Web application security checks are consistent and thorough, using an open standard that can be used in the market."
There was a problem hiding this comment.
Suggested change
| The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. | |
| The project aims to provide a commercially-usable open standard for web application security with a consistent level of coverage and rigor. |
|
|
||
| ### Where do I start? | ||
| Please also focus attention on the requirements themselves and **not** on the surrounding text or on the introductory chapters (files 0x01-0x04). This is because the text might have become outdated where requirements have changed and also because our goal is to significantly cut down this text in version 5.0. |
There was a problem hiding this comment.
cleanup: "Please focus only on the requirements and not on the surrounding text or introductory chapters (files 0x01-0x04). The text might be outdated due to changes in requirements, and we aim to reduce it significantly in version 5.0."
|
|
||
| There are two key types right now: | ||
|
|
||
| * [](https://github.com/OWASP/ASVS/issues?q=is%3Aopen+is%3Aissue+label%3A%22Community+wanted%22) - These are issues where we would really benefit from more eyes on a particular issue. | ||
| * [](https://github.com/OWASP/ASVS/issues?q=is%3Aopen+is%3Aissue+label%3A%22Community+needed%22) - These are issues where the relevant items will not get progressed without community input. | ||
|
|
||
|
|
||
| Please log ideas, issues or questions here: https://github.com/OWASP/ASVS/issues. It’s helpful to share if you have any ideas or if you find any bugs. We may subsequently ask you to open a pull request, https://github.com/OWASP/ASVS/pulls, based on the discussion in the issue. |
There was a problem hiding this comment.
Cleanup "Please log your ideas, issues, or questions here: https://github.com/OWASP/ASVS/issues. Sharing your ideas or reporting bugs is helpful. Based on the discussion, we might ask you to open a pull request here: https://github.com/OWASP/ASVS/pulls."
| @@ -113,10 +132,10 @@ If you are interested in creating a translation, here are some pointers for how | |||
| * Often there is work to do in creating markdown files or updating the translation to keep it up to date with latest changes. | |||
| * We would request that you base your translation on the 4.0/en folder in the master branch as this is now static at the 4.0.3 version. | |||
| * In order to start a translation, please start by forking the ASVS repository. | |||
| * If you are updating an existing translation which has markdown (just French as at December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | |||
| * if you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. | |||
| * If you are updating an existing translation which has markdown (just French as of December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | |||
There was a problem hiding this comment.
Changing the French comment and other edits:
* If you are updating a translation that uses markdown, you can modify the files in the existing folder based on the language code (such as /fr for French).
| * If you are updating an existing translation which has markdown (just French as at December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | ||
| * if you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. | ||
| * If you are updating an existing translation which has markdown (just French as of December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | ||
| * If you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. |
There was a problem hiding this comment.
Smal edit
* If you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2-character language code used for the translation.
| * When you have completed the translation, please open a Pull Request against the master ASVS branch and one of the leaders will look at integrating it. | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble ) | ||
| * Finally, the leader will back port the translation into the branch containing ASVS version which was targeted (at this point, presumably v4.0.3) | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble). |
There was a problem hiding this comment.
This is a little strange, perhaps drop the ending?
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble ) | ||
| * Finally, the leader will back port the translation into the branch containing ASVS version which was targeted (at this point, presumably v4.0.3) | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble). | ||
| * Finally, the leader will back port the translation into the branch containing the ASVS version which was targeted (at this point, presumably v4.0.3). |
There was a problem hiding this comment.
Well for now it will be 4.0.3 until we have a solid 5.0
tghosth
commented
Jul 21, 2024
|
|
||
| ### Where do I start? | ||
| Please also focus attention on the requirements themselves and **not** on the surrounding text or on the introductory chapters (files 0x01-0x04). This is because the text might have become outdated where requirements have changed and also because our goal is to significantly cut down this text in version 5.0. |
|
|
||
| There are two key types right now: | ||
|
|
||
| * [](https://github.com/OWASP/ASVS/issues?q=is%3Aopen+is%3Aissue+label%3A%22Community+wanted%22) - These are issues where we would really benefit from more eyes on a particular issue. | ||
| * [](https://github.com/OWASP/ASVS/issues?q=is%3Aopen+is%3Aissue+label%3A%22Community+needed%22) - These are issues where the relevant items will not get progressed without community input. | ||
|
|
||
|
|
||
| Please log ideas, issues or questions here: https://github.com/OWASP/ASVS/issues. It’s helpful to share if you have any ideas or if you find any bugs. We may subsequently ask you to open a pull request, https://github.com/OWASP/ASVS/pulls, based on the discussion in the issue. |
| * When you have completed the translation, please open a Pull Request against the master ASVS branch and one of the leaders will look at integrating it. | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble ) | ||
| * Finally, the leader will back port the translation into the branch containing ASVS version which was targeted (at this point, presumably v4.0.3) | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble). |
| * If you are updating an existing translation which has markdown (just French as at December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | ||
| * if you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. | ||
| * If you are updating an existing translation which has markdown (just French as of December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | ||
| * If you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. |
| @@ -113,10 +132,10 @@ If you are interested in creating a translation, here are some pointers for how | |||
| * Often there is work to do in creating markdown files or updating the translation to keep it up to date with latest changes. | |||
| * We would request that you base your translation on the 4.0/en folder in the master branch as this is now static at the 4.0.3 version. | |||
| * In order to start a translation, please start by forking the ASVS repository. | |||
| * If you are updating an existing translation which has markdown (just French as at December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | |||
| * if you are starting a new markdown translation, take a copy of the /en folder and rename it to the 2 character language code which will be used for the translation. | |||
| * If you are updating an existing translation which has markdown (just French as of December 2021), you can make modifications to the files in the existing folder based on language code (just /fr as at December 2021). | |||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble ) | ||
| * Finally, the leader will back port the translation into the branch containing ASVS version which was targeted (at this point, presumably v4.0.3) | ||
| * The leader will also use the relevant scripts to create the documents from the raw markdown (or you can if you want to save us some trouble). | ||
| * Finally, the leader will back port the translation into the branch containing the ASVS version which was targeted (at this point, presumably v4.0.3). |
There was a problem hiding this comment.
Well for now it will be 4.0.3 until we have a solid 5.0
|
|
||
| The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. | ||
|
|
||
| The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. |
There was a problem hiding this comment.
Suggested change
| The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. | |
| The project aims to provide a commercially-usable open standard for web application security with a consistent level of coverage and rigor. |
jmanico
approved these changes
Jul 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This was discussed within the working group.
@meghanjacquot prepared the update
@tghosth reviewed and finalized the text