
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.


ThRiLKiLKuLt/CheatSheetSeries

 
 


Welcome to OWASP Cheat Sheet Series V2

This repository will contain all the cheat sheets of the project and will represent the V2 of the OWASP Cheat Sheet Series project.

Migration process

A mass conversion from MediaWiki to GitHub flavored Markdown format was performed on 26th of December 2018, using this tool based on PANDOC, on all OWASP wiki pages flagged as Cheatsheets.

⚠️ Cheat Sheets content is now frozen from this date:

  • No modification will be performed anymore on the wiki content.
  • Any modification will be made on this repository using the contribution issue template defined in this document/repository.

Folders

cheatsheets_to_convert:

  • Contains the cheat sheet markdown files converted with PANDOC that still need conversion work in order to be cleanly converted to GitHub markdown.

cheatsheets_excluded:

  • Contains the cheat sheet markdown files converted with PANDOC for which a discussion is needed to decide whether to include them in the V2 of the project, because their content has not been updated for a long time or is no longer relevant.

cheatsheets:

  • Contains the final cheat sheets files.
  • Any .md file present at the root of this folder is considered as converted and the associated cheat sheet is considered released.

assets:

  • Contains the assets used by the cheat sheets (images, pdf, zip...).
    • Naming convention is [CHEAT_SHEET_MARKDOWN_FILE_NAME]_[IDENTIFIER].[EXTENSION]
    • Use PNG format for the images.

scripts:

  • Contains all the utility scripts used to operate the project (linter audit...).

templates:

  • Contains templates used for different kinds of files (cheatsheet...).

.github:

  • Contains materials used to configure different behaviors of GitHub.

Conversion rules

  • Use the markdown syntax described in this guide.
  • Use this sheet for Superscript and Subscript characters.
  • Store all assets in the assets folder and use the following syntax:
    • ![ALTERNATE_NAME](../assets/ASSET_NAME.png) for the insertion of an image.
    • [ALTERNATE_NAME](../assets/ASSET_NAME.EXT) for the insertion of other kinds of media (pdf, zip...).
  • Use ATX style (# syntax) for section headings.
  • Use **bold** syntax for bold text.
  • Use *italic* syntax for italic text.
  • Use TAB for nested lists and not spaces.
  • Use code fencing syntax along with syntax highlighting for code snippets (avoid horizontal scrollbars when possible).
  • No HTML code is allowed, only markdown syntax is allowed!
  • Use this site for generation of tables.
  • Use a single new line between a section heading and the beginning of its content.

Editor & validation policy

Visual Studio Code is used for the work on the markdown files.

The file Project.code-workspace is the workspace file used to open the project in VSCode.

The following plugin is used to validate the markdown content.

The file .markdownlint.json defines the central validation policy applied at VSCode (IDE) and TravisCI (CI) levels.

Details about the rules are here.

Migration tasks list

CS = Cheat Sheet

  • Task 01: Migrate all the CS files of the folder cheatsheets_to_convert.
  • Task 02: Update each OWASP WIKI page associated with a CS to indicate the redirection to the GitHub location, so that cross-references to the CS are not broken.
  • Task 03: Create a Python script to auto-generate a markdown index page of all CS like this page.
  • Task 04: Create a markdown template file for the new CS.
  • Task 05: Create the index page of the repository based on this README file to provide all the information about the repository and how to contribute.
  • Task 06: Migrate the project Trello board content to Issues in this repository.
    • Create labels for: Request from OPC, Internal task...
  • Task 07: Create all the materials to generate a PDF file of all the CS, automate it via a CircleCI job.
  • Task 08: Create a template for the pull request in order to add a checklist like the one created by the MSTG.
  • Task 09: Add a CI job to automatically validate Pull Requests when they are submitted.

License

LICENSE

How to contribute?

Follow these steps:

  1. Create a new Issue using either:
    • The new_cheatsheet_proposal template if you want to propose a new cheat sheet.
    • The update_cheatsheet_proposal template if you want to modify an existing cheat sheet.
  2. After a discussion on the topic/update and if the proposal is accepted then:
    1. Clone this GitHub repository.
    2. Either:
      • Create the cheat sheet using the dedicated template in case of a new cheat sheet.
      • Modify the target cheat sheet in case of an update/refactoring.
    3. Submit your Pull Request.
