various minor updates across the guide

Author: jgadsden

.github/workflows/ci.yaml

@@ -44,4 +44,4 @@ jobs:
         uses: actions/[email protected]
 
       - name: spell_checker
-        uses: rojopolis/spellcheck-github-actions@0.37.0
+        uses: rojopolis/spellcheck-github-actions@0.38.0

.github/workflows/pr.yaml

@@ -44,7 +44,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: spell_checker
-        uses: rojopolis/spellcheck-github-actions@0.37.0
+        uses: rojopolis/spellcheck-github-actions@0.38.0
 
   export_draft:
     name: Export epub and pdf (Draft)

.github/workflows/release.yaml

@@ -21,7 +21,6 @@ jobs:
         run: |
           echo "GITHUB_WORKFLOW: ${GITHUB_WORKFLOW}"
           echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}"
-          pwd
           echo "rename draft to release"
           find draft -name "*.md" -exec sed -i "s|permalink: /draft/|permalink: /release/|" {} +
           find draft -name "*.md" -exec \
@@ -81,7 +80,6 @@ jobs:
 
       - name: Fix up markdown
         run: |
-          pwd
           echo "rename draft to release"
           find release -name "*.md" -exec sed -i "s|permalink: /draft/|permalink: /release/|" {} +
           find release -name "*.md" -exec \
@@ -102,12 +100,11 @@ jobs:
 
       - name: Update pdf and epub assets
         run: |
-          pwd && ls -hal
           cp OWASP_Developer_Guide.pdf assets/exports/.
           cp OWASP_Developer_Guide.epub assets/exports/.
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@v6.0.2
+        uses: peter-evans/create-pull-request@v6.1.0
         with:
           title: |
             Release ${{ github.ref_name }} of Developer Guide

.lycheeignore

@@ -23,3 +23,6 @@ https://hub.docker.com/r/webgoat/webgoat
 # lychee gets confused with the Jekyl image paths
 www-project-developer-guide/assets/images/sdlc_diag.png
 www-project-developer-guide/assets/images/owasp-wayfinder.png
+
+# Google drive tends to need permissions that the link checker does not have
+https://drive.google.com/

contributing.md

@@ -74,6 +74,11 @@ Sub-sections that describe an individual project should follow the same structur
 Note that the page describing a project should not be the same as the project documentation on the OWASP site,
 the Developer Guide should strive to be a ' TL;DR ' for the project running to one or maybe two pages.
 
+### Media kit
+
+The OWASP projects have [media kits][media] that contain biographies of the project leaders and other project media.
+This can be used for images and marketing material.
+
 ### Pull requests
 
 The pull requests have checks applied to them:
@@ -110,8 +115,8 @@ and to install `pyspelling` use pip: `pip install pyspelling`
 The release process is automatic, and triggers when the repo is tagged with a version number.
 To trigger the release this process from within a cloned repo:
 
-1. tag the release, for example: `git tag 4.1.0`
-2. push to the repo, for example: `git push origin 4.1.0`
+1. tag the release, for example: `git tag 4.1.1`
+2. push to the repo, for example: `git push origin 4.1.1`
 
 The github release workflow then creates the pull request
 with modifications to the release area promoted from the draft area.
@@ -128,6 +133,7 @@ using the wording from the previous releases as a guide to the release notes.
 [dashboard]: https://github.com/orgs/OWASP/projects/14/views/1
 [issues]: https://github.com/OWASP/www-project-developer-guide/issues/new/choose
 [lychee-install]: https://lychee.cli.rs/
+[media]: https://drive.google.com/drive/folders/1Ft8Ll0cgw0TIoub6aXTIJDmy0sk1RarU
 [pandoc-install]: https://pandoc.org/installing.html
 [release]: https://github.com/OWASP/www-project-developer-guide/releases
 [request]: https://github.com/OWASP/www-project-developer-guide/pulls

draft/03-introduction.md

@@ -12,6 +12,18 @@ permalink: /draft/introduction/
 
 {% include breadcrumb.html %}
 
+<style type="text/css">
+.image-right {
+  height: 180px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  float: right;
+}
+</style>
+
+![Developer Guide](../../assets/images/dg_logo.png "OWASP Developer Guide"){: .image-right }
+
 ### 1. Introduction
 
 Welcome to the OWASP Development Guide.
@@ -46,16 +58,20 @@ All OWASP projects are open source; do get involved if you are interested in imp
 
 The OWASP Developer Guide has been written by the security community to help software developers write solid,
 safe and secure applications.
-Developers should try and be familiar with most of this guide; it will help to write solid applications.
+Developers should try and be familiar with most of this guide; it will help to write applications that are more secure.
+
+You can think of this guide as a cross-reference source to the many tools and documents that OWASP provide for developers.
+
+Or you can regard the purpose of this guide as answering the question:
+ “I am a developer and I need a reference guide to navigate the numerous security tools
+ and security activities that I know I should be doing.
 
-You can regard the purpose of this guide as answering the question:
- “I am a developer and I need a reference guide to describe the security activities I really should be doing
- and to navigate the numerous security tools and projects”
+Or think of it as a collection of articles that introduce developers to the wide domain of application security.
 
 Or you can regard this guide as a companion document to the OWASP [Application Wayfinder][wayfinder] project:
 the Wayfinder mapping out the many OWASP tools, projects and documents with the Developer Guide providing some context.
 
-![Application Wayfinder Diagram](../assets/images/owasp-wayfinder.png "OWASP Application Wayfinder")
+[![Application Wayfinder Diagram](../assets/images/owasp-wayfinder.png "OWASP Application Wayfinder")][wayfinder]
 
 ----
 

index.md

@@ -19,7 +19,17 @@ pitch: The Developer Guide allows businesses, developers, designers
 {% assign site_base_url = site.github.url | replace: 'owasp.github.io','owasp.org' | replace: 'http://', 'https://' %}
 {% endif %}
 
-![Developer Guide](assets/images/dg_logo.png "OWASP Developer Guide"){: height="220px" }
+<style type="text/css">
+.image-right {
+  height: 180px;
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+  float: right;
+}
+</style>
+
+![Developer Guide](assets/images/dg_logo.png "OWASP Developer Guide"){: .image-right }
 
 The [OWASP Developer Guide](release) provides an introduction to security concepts
 and a handy reference for application and system developers.
@@ -28,19 +38,20 @@ it rarely tries to go into detail on a subject and instead provides links for gr
 The content of the Developer Guide aims to be accessible, introducing practical security concepts
 and providing enough detail to get developers started on various OWASP tools and documents.
 
+The intended audience of the Developer Guide is application developers working in various domains
+such as web, desktop, mobile, API and cloud.
+
 ### History
 
 Along with the OWASP Top Ten, the Developer Guide is one of the original resources
 published soon after OWASP was formed in 2001.
 Version 1.0 of the Developer Guide was released in 2002
 and then there were various [releases][versions] up to version 2.0 in 2005.
+After discussions and iterations throughout 2023 and 2024, the Developer Guide has now been updated
+for the modern security landscape using contributions from the wider application security community.
 
-After much effort throughout 2023 and early 2024 the Developer Guide has been updated for the modern security landscape.
-The intended audience of the Developer Guide is application developers (web, desktop, mobile, and cloud)
-and API developers, and has been written using contributions from the wider application security community.
-
-The [draft version](draft) is a work in progress and is subject to large scale and frequent changes.
 Periodically the draft version is tagged and the contents promoted to the [release area](release) of the Developer Guide.
+The [draft version](draft) is a work in progress and is subject to large scale and frequent changes.
 
 ### Contributing