
Update: Suggestion to Modernize "Abuse Case Cheat Sheet"

Open ajayojha opened this issue 5 months ago • 6 comments

First of all — thank you for the OWASP Cheat Sheet Abuse Case resource, it’s been a good starting point for onboarding teams into abuse case modeling.

As a Chief Software Architect with hands-on experience in modern technology stacks (Cloud-Native, Microservices, Micro-Frontend, and DevSecOps), particularly in designing large-scale secure enterprise architectures, I’ve noticed that some of the content is outdated and there are a few gaps as per the latest technology trends. I would like to know if there is any plan to improve or modernize the abuse case cheat sheet which covers the following areas in future updates.

  1. OWASP Top 10 2021 alignment
  2. Cloud-Native & Containerized environment
  3. API and microservice context
  4. DevSecOps & Toolchain integration
  5. Real-World Examples & Specific Abuse

I propose updating the abuse cases with examples and relevant references.

I would be happy to contribute to such an update if there is interest.

ajayojha avatar Jul 02 '25 06:07 ajayojha

This would be greatly appreciated. We'd be happy to review your PRs to improve the cheat sheet. My only request is that you try to do smaller incremental PRs rather than one all-containing one in order to allow easier reviewing and therefore quicker republishing of each improvement.

szh avatar Jul 02 '25 13:07 szh

Thanks for this response.

As per your suggestion, I will start with smaller, incremental PRs to ensure clarity and ease of review.

Here is the order in which I am planning to create PRs for review:

  1. API & Microservices
  2. Cloud Native & Containerized Environment
  3. DevSecOps & Toolchain integration
  4. Real-World examples and specific abuse
  5. OWASP Top 2021 Alignment

I listed OWASP Top 10 (2021) last because it’s going to be a bigger update than the others.

Please suggest if I need to change the order of the PRs for review.

ajayojha avatar Jul 02 '25 16:07 ajayojha

This looks great. Looking forward to reviewing!

szh avatar Jul 02 '25 17:07 szh

Thanks for jumping in here @ajayojha :) Big fan of your contributions to ASVS so far.

jmanico avatar Jul 29 '25 18:07 jmanico

> Thanks for jumping in here @ajayojha :) Big fan of your contributions to ASVS so far.

Thank you @jmanico

ajayojha avatar Jul 31 '25 01:07 ajayojha

Good idea!

mackowski avatar Aug 01 '25 13:08 mackowski