
New CS proposal: Secure Design Principles

Open infosecdad opened this issue 4 years ago • 8 comments

What is the proposed Cheat Sheet about?

Core Principles for Secure Design

What security issues are commonly encountered related to this area?

Insecure Design

What is the objective of the Cheat Sheet?

To help developers with secure design and architecture; it's a gap in OWASP offerings at the moment.

What other resources exist in this area?

There used to be a section from the old dev guide. https://github.com/OWASP/DevGuide/blob/master/02-Design/01-Principles%20of%20Security%20Engineering.md

A variant of guidance from the UK https://www.ncsc.gov.uk/collection/cyber-security-design-principles/cyber-security-design-principles

CISA Archive https://us-cert.cisa.gov/bsi/articles/knowledge/principles/design-principles

infosecdad avatar Aug 12 '21 22:08 infosecdad

Hey @infosecdad this is a good idea. Do you want to create it? We will review and help you with the process.

mackowski avatar Aug 13 '21 12:08 mackowski

Old new cheat sheet proposal; I am closing this.

mackowski avatar Jun 13 '22 11:06 mackowski

I believe this should be reopened as this is an invaluable resource.

Some of the other places I have found valuable information regarding this topic:

  • https://patchstack.com/articles/security-design-principles-owasp/
  • https://www.linkedin.com/learning/csslp-cert-prep-3-secure-software-design/secure-design-principles-and-patterns
  • https://www.ncsc.gov.uk/collection/cyber-security-design-principles
  • https://medium.com/ouspg/security-design-with-principles-a8c045765b93

marion-cable avatar Sep 22 '22 07:09 marion-cable

If it's reopened, I'll write it; I have more sources that I found in the last six months.

infosecdad avatar Sep 22 '22 12:09 infosecdad

Sure, it would be cool to create this CS! If someone can write a draft of the ToC for it, that would be awesome.

mackowski avatar Sep 22 '22 13:09 mackowski

Do you have a template you would like me to follow or is it best to just look at others and mimic?

infosecdad avatar Sep 22 '22 13:09 infosecdad

From the ReadMe:

  • Start with a H1 of the cheat sheet name
  • The first section of the cheat sheet should be an introduction which briefly sums up the contents, and provides a short list of key bullet points.
  • The table of contents will be automatically generated on the site, so does not need to be added as a section.
  • Headings should have a blank line after them.

marion-cable avatar Sep 22 '22 13:09 marion-cable

We do not have a template. Just bullet points/headers that we will fill with content.

mackowski avatar Sep 22 '22 13:09 mackowski

@infosecdad Let me know when you would like a proofread or any other input from myself.

marion-cable avatar Sep 26 '22 08:09 marion-cable

Hey @infosecdad 👋 I am interested in helping contribute to this - what's the current status? Is there a branch I can review and contribute to / collaborate with you?

nekosoft avatar Dec 18 '22 11:12 nekosoft

Hey @nekosoft there is no work done yet for this issue. If you want to start it would be awesome! It is easier to find contributors if you already have some content ToC :)

mackowski avatar Dec 20 '22 09:12 mackowski

Apologies, this semester was wicked busy, and I finished up finals last night. I have a draft that I will submit later today, thanks for the patience!

infosecdad avatar Dec 20 '22 12:12 infosecdad

I will close this issue as we have a new one: https://github.com/OWASP/CheatSheetSeries/issues/1114

mackowski avatar Jun 13 '23 12:06 mackowski