OWASP Wiki content update: Redirect CS pages to GitHub MD files

[righettod]

Goal

This issue has been created in order to track and provide information about the update of the OWASP wiki content of the project in order to replace every cheat sheet wiki page content with a redirection ,along a text, pointing to the associated markdown file hosted in this repository.

❗ Important note: Only cheat sheets for which a file in the folder cheatsheets is present must be updated.

The list of the cheat sheet wiki pages is here.

This is the content (mediawiki format) to use:

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [FULL_URL_TO_MD_FILE CHEAT_SHEET_NAME] to see the latest version of the cheat sheet.

Example:

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Abuse_Case_Cheat_Sheet.md Abuse Case Cheat Sheet] to see the latest version of the cheat sheet.

Help

Anyone with a OWASP wiki account can help for this task, just post a comment on this issue with the name of the cheat sheet that you have ou you will handle in order to allow a little sync between contributors 😃

Thanks you

I thanks you very much in advance any contributor that will help us in this step of the migration 👍

[ghost]

Since I did PHP I will take the P's :)

Also I will look into adding a PL/SQL Cheatsheet (legacy but still common Oracle DB language). There is one sitting in the OWASP Wiki.

LAST POINT: If you need help / volunteers more than you have now, would you consider adding the labels "good first issue" and "help-wanted" to this? We got a surprising amount of new ppl in the OpenEMR project (a repo where I do a lot of work) by adding those things, was super surprising.

[righettod]

@danehrlich1:
Thanks for the PHP CS 😃
This CS talk about PL/SQL. If think that it can be good idea to enhance it with the content proposed.
Can you give more hint about the proposed labels?
Thanks you very much in advance 😃

[ghost]

I worked at Oracle for 4 years so the PL/SQL cheat sheet should be pretty easy for me. I am going to reach out to the Product Manager for it after I am done and see if they have any suggestions too.

…

On Feb 12, 2019, at 4:20 AM, Dominique RIGHETTO ***@***.***> wrote: @danehrlich1: Thanks for the PHP CS 😃 This CS talk about PL/SQL. If think that it can be good idea to enhance it with the content proposed. Can you give more hint about the proposed labels? Thanks you very much in advance 😃 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[righettod]

OK thanks you for the feedback.

[mackowski]

I will take the A's

[mackowski]

I updated wiki for A's and B's (Bean Validation Cheat Sheet)
@righettod take a look if this is what you need or what else should be changed. Tomorrow I will continue.

On wiki there are two CSs that are not present on github:

• https://www.owasp.org/index.php/Android_Testing_Cheat_Sheet
• https://www.owasp.org/index.php/Authentication_Cheat_Sheet_Espa%C3%B1ol

Maybe we should delete them?

[righettod]

I have still CS to migrate and there CS for which we must discuss if we migrate them or not. They are into the "cheatsheet_excluded" folder.

[righettod]

For Android let the message because it is already a redirection to MSTG. For the second you can redirect it to the english one. Thanks you very much for your help

[ThunderSon]

After discussing with @righettod I've been using the following format example:

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>

The Cheat Sheet Series project has been moved to [https://github.com/OWASP/CheatSheetSeries GitHub]!

Please visit [https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DotNet_Security_Cheat_Sheet.md .NET Security Cheat Sheet] to see the latest version of the cheat sheet.

I have edited the Bean CS @mackowski for you.
My message as well while changing is: Migration to GitHub

[righettod]

Sorry it is my fault... I forgot to specify to remove the footer along the TOC and the modification tag :(

[mackowski]

No problem. I will update them :)

[righettod]

Thanks you very much for your understanding. Thanks a lot to all of you for your help!!!

[ThunderSon]

Migration is done. The pages that are still in the CS project don't have any markdown file or are excluded.
There is a grammar error for Unvalidated Redirects and Forwards Cheat Sheet which should be Invalidated. Should we fix it?
Below is the list of migrated cheat sheets:

• AJAX Security Cheat Sheet
• .NET Security Cheat Sheet
• C-Based Toolchain Hardening Cheat Sheet
• Choosing and Using Security Questions Cheat Sheet
• Clickjacking Defense Cheat Sheet
• Credential Stuffing Prevention Cheat Sheet
• Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
• Cryptographic Storage Cheat Sheet
• Denial of Service Cheat Sheet
• Deserialization Cheat Sheet
• DOM based XSS Prevention Cheat Sheet
• Error Handling Cheat Sheet
• Forgot Password Cheat Sheet
• HTML5 Security Cheat Sheet
• HTTP Strict Transport Security Cheat Sheet
• Injection Prevention Cheat Sheet in Java
• Input Validation Cheat Sheet
• Insecure Direct Object Reference Prevention Cheat Sheet
• JAAS Cheat Sheet
• JSON Web Token (JWT) Cheat Sheet for Java
• Key Management Cheat Sheet
• LDAP Injection Prevention Cheat Sheet
• Logging Cheat Sheet
• OS Command Injection Defense Cheat Sheet
• Password Storage Cheat Sheet
• Pinning Cheat Sheet
• Protect FileUpload Against Malicious File
• Query Parameterization Cheat Sheet
• REST Assessment Cheat Sheet
• REST Security Cheat Sheet
• Ruby on Rails Cheatsheet
• SAML Security Cheat Sheet
• SQL Injection Prevention Cheat Sheet
• Securing Cascading Style Sheets (CSS) Cheat Sheet
• Session Management Cheat Sheet
• TLS Cipher String Cheat Sheet
• Threat Modeling Cheat Sheet
• Transaction Authorization Cheat Sheet
• Transport Layer Protection Cheat Sheet
• Unvalidated Redirects and Forwards Cheat Sheet
• User Privacy Protection Cheat Sheet
• Virtual Patching Cheat Sheet
• Vulnerability Disclosure Cheat Sheet
• XSS (Cross Site Scripting) Prevention Cheat Sheet

[righettod]

Thanks you very much 👍

I will finish to migrate the remaining CS from folder cheatsheets_to_convert in the coming days and i will take in charge the wiki links update for these pages.

You can fix to typo mentioned, i will rebuild the index after the PR...

For the CS in folder cheatsheets_excluded i will create a dedicated issue in order to start a discution about the content and decide together if we migrate them or if we decide to refactor the content.

Thanks for all 😃

[jmanico]

Thank you so much for this work! And yes we likely should rename redirects. Again thank you for your help! Aloha, Jim

On 2/14/19 5:27 AM, ThunderSon wrote: Migration is done. The pages that are still in the CS project don't have any markdown file or are excluded. There is a grammar error for |Unvalidated Redirects and Forwards Cheat Sheet| which should be |Invalidated|. Should we fix it? Below is the list of migrated cheat sheets: * AJAX Security Cheat Sheet * .NET Security Cheat Sheet * C-Based Toolchain Hardening Cheat Sheet * Choosing and Using Security Questions Cheat Sheet * Clickjacking Defense Cheat Sheet * Credential Stuffing Prevention Cheat Sheet * Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet * Cryptographic Storage Cheat Sheet * Denial of Service Cheat Sheet * Deserialization Cheat Sheet * DOM based XSS Prevention Cheat Sheet * Error Handling Cheat Sheet * Forgot Password Cheat Sheet * HTML5 Security Cheat Sheet * HTTP Strict Transport Security Cheat Sheet * Injection Prevention Cheat Sheet in Java * Input Validation Cheat Sheet * Insecure Direct Object Reference Prevention Cheat Sheet * JAAS Cheat Sheet * JSON Web Token (JWT) Cheat Sheet for Java * Key Management Cheat Sheet * LDAP Injection Prevention Cheat Sheet * Logging Cheat Sheet * OS Command Injection Defense Cheat Sheet * Password Storage Cheat Sheet * Pinning Cheat Sheet * Protect FileUpload Against Malicious File * Query Parameterization Cheat Sheet * REST Assessment Cheat Sheet * REST Security Cheat Sheet * Ruby on Rails Cheatsheet * SAML Security Cheat Sheet * SQL Injection Prevention Cheat Sheet * Securing Cascading Style Sheets (CSS) Cheat Sheet * Session Management Cheat Sheet * TLS Cipher String Cheat Sheet * Threat Modeling Cheat Sheet * Transaction Authorization Cheat Sheet * Transport Layer Protection Cheat Sheet * Unvalidated Redirects and Forwards Cheat Sheet * User Privacy Protection Cheat Sheet * Virtual Patching Cheat Sheet * Vulnerability Disclosure Cheat Sheet * XSS (Cross Site Scripting) Prevention Cheat Sheet — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#9 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAgcCdrfAaOIPvNgeDvVX-MrgsyvZNcFks5vNYB0gaJpZM4aylF3>.

-- Jim Manico Manicode Security https://www.manicode.com

[righettod]

I have updated the wiki link to reflect the state of the migration. Only the XSS Filter Evasion CS do not appear in the wiki and has been missed by me in the initial translation process from Mediawiki to Markdown format, i will do it after have migrated the last CS from the folder cheatsheets_to_convert.

About CS for which the migration state must be discussed, i have opened the issue #13 and i have added a special message on the wiki page on the related CS pointing to this issue along the CS project GitHub repo:

The Cheat Sheet Series project has been moved to GitHub!

An open discussion is pending about to exclude or not this cheat sheet 
of the V2 of the project. 

[righettod]

All CS has been migrated and links has been updated.

[ThunderSon]

Descriptions on the OWASP website needs to be tracked for updates/changes for redirection purposes. One example is the CSP CS.

[righettod]

CSP was indeed the latest CS to be migrated, but I think we can remove the remaining CSs that are part of the task #13 because we do not have feedback from the community...
@mackowski @ThunderSon What do you think?

[ThunderSon]

As I have already said my opinion on the mentioned task, I do not mind closing it.

[mackowski]

Maybe we should:

1. update wiki with redirection for CSP CS.
2. update wiki - inform that rest of excluded CSs are excluded with link to Discussion about excluded cheat sheet from the migration #13
3. remove remaining CSs from github

[righettod]

I like the proposal of @mackowski because it allow to close the migration task once for all.
However, I can understand the issue raised by @ThunderSon.
If i well understand, the issue raised is the risk that someone still create a CS on the wiki. i'm right?

[ThunderSon]

There is no risk/issue. It's simply updating the migration process. We did the migration the first time, and after certain excluded CSs that were included again, we need to update the migration done and keep track. Nothing more nothing less :)

[righettod]

Ah ok, thanks you very much for the clarification.
So we will act in this way 😃

[righettod]

Now we must track reference to the MD files and update them to point to the site: https://cheatsheetseries.owasp.org/
We can use this site to have the list of the Wiki page to update:
https://www.yeahhub.com/top-65-owasp-cheat-sheet-collections-all-in-one
I have updated all the wiki page that I have found 😃

[righettod]

Migration is now totally finished and residual files on the WIKI has been updated.