add content for flagship projects

Author: jgadsden

.wordlist.txt

@@ -423,3 +423,9 @@ linux
 Katana
 katana
 VirtualBox
+defacto
+APIT
+enum
+intel
+subcommand
+subcommands

assets/exports/OWASP_Developer_Guide.epub

@@ -18,7 +18,7 @@ The OWASP Top Ten is a very well known list of web application security risks,
 and is included by the OWASP Software Assurance Maturity Model [(SAMM)][samm]
 in the Education & Guidance practice within the Governance business function.
 
-### Overview
+#### Overview
 
 The OWASP [Top 10 Web Application Security Risks][top10] project is probably the most well known security concept
 within the security community, achieving wide spread acceptance and fame soon after its release in 2003.
@@ -159,7 +159,7 @@ especially for cloud services and more complex application architectures.
 
 This is a new category introduced in 2021 with a single (for now) [Cheat Sheet][a10cs] that deals with SSRF.
 
-### OWASP top tens
+#### OWASP top tens
 
 There are various 'Top 10' projects created by OWASP that, depending on the context,
 may also be referred to as 'OWASP Top 10'. Here is a list of the stable 'OWASP Top 10' projects:

assets/exports/OWASP_Developer_Guide.pdf

@@ -11,7 +11,7 @@ order:
 
 {% include breadcrumb.html %}
 
-## 4.1 Threat modeling
+### 4.1 Threat modeling
 
 Referring to the [Threat Modeling Cheat Sheet][tmcs],
 threat modeling is a structured approach of identifying and prioritizing potential threats to a system.

draft/04-foundations/05-top-ten.md

@@ -12,7 +12,7 @@ permalink: /draft/design/threat_modeling/
 
 {% include breadcrumb.html %}
 
-## 4.1 Threat modeling
+### 4.1 Threat modeling
 
 Referring to the [Threat Modeling Cheat Sheet][tmcs],
 threat modeling is a structured approach of identifying and prioritizing potential threats to a system.

draft/06-design/01-threat-modeling/00-toc.md

@@ -11,7 +11,7 @@ order:
 
 {% include breadcrumb.html %}
 
-## 4.2. Web application checklist
+### 4.2 Web application checklist
 
 Checklists are a valuable resource for development teams.
 They provide structure for establishing good practices and processes

draft/06-design/01-threat-modeling/toc.md

@@ -12,7 +12,7 @@ permalink: /draft/design/web_app_checklist/
 
 {% include breadcrumb.html %}
 
-## 4.2. Web application checklist
+### 4.2 Web application checklist
 
 Checklists are a valuable resource for development teams.
 They provide structure for establishing good practices and processes

draft/06-design/02-web-app-checklist/00-toc.md

@@ -11,7 +11,7 @@ order:
 
 {% include breadcrumb.html %}
 
-## 5.1 Documentation
+### 5.1 Documentation
 
 Documentation is used here as part of the SAMM [Training and Awareness][sammgegta] activity,
 which in turn is part of the SAMM [Education & Guidance][sammgeg] security practice

draft/06-design/02-web-app-checklist/toc.md

@@ -14,29 +14,45 @@ permalink: /draft/implementation/documentation/cheatsheets/
 
 ### 5.1.3 Cheat Sheet Series
 
-The [OWASP Cheat Sheet Series][cheatsheets] were created to provide a concise collection of high value information
+The [OWASP Cheat Sheet Series][cheatsheets] provide a concise collection of high value information
 on a wide range of specific application security topics.
-The cheat sheets are created by various application security professionals who have expertise in specific topics.
+The cheat sheets have been created by various application security professionals who have expertise in specific topics.
 
 The Cheat Sheet Series [documentation project][cheatproject] is an OWASP Flagship Project in constant development.
 
-#### What is the Cheat Sheet Series?
+#### What are the Cheat Sheets?
 
-To Do: go into more detail about the Cheat Sheet Series so that a developer
-can gain an overview of what this documentation project can provide for them.
+The Cheat Sheets are a series of self contained articles written by the security community
+on a specific subject within the security domain.
+The topics covered by the cheat sheets is wide, ranging from AJAX Security to XS (Cross Site) vulnerabilities.
+Each cheat sheet provides an introduction to the subject which provides enough information to understand the basic concept.
+It then goes on to describe its subject in more detail, often supplying recommendations or best practices.
+
+The OWASP Cheat Sheets are a common body of knowledge created by the software security community
+for a wide audience that is not confined to the security community.
 
 #### Why use them?
 
-To Do: provide more context for the Cheat Sheet Series that allows developers to determine
-whether to use them in their project.
+The OWASP Cheat Sheet Series provide developers and security engineers with most, and perhaps all,
+of the information on security topics that they will need to do their job.
+In addition the Cheat Sheets are regarded as authoritative: it is recommended to follow the advice in these Cheat Sheets.
+If a web application does not follow the recommendations in a cheat sheet, for example,
+then the implementation could be challenged during the testing or review processes.
 
-#### How to apply them
+#### How to use them
 
 The OWASP Spotlight series provides a good overview of using this documentation:
 'Project 4 - [Cheat Sheet Series][spotlight04]'.
 
-To Do: give a brief outline of how applying the Cheat Sheet Series documentation provides value for a web development team.
-Do not repeat the project documentation itself; ideally provide a primer and a pointer to the documentation.
+There are a lot of cheat sheets in the OWASP Cheat Sheet Series;
+91 of them as of March 2024 and this number is set to increase.
+The OWASP community recognises that this may become overwhelming at first, and so has arranged them in various ways:
+
+* [Alphabetically][cheatsheet-alpha]
+* Indexed to follow the [ASVS project][cheatsheet-asvs] or the [MASVS project][cheatsheet-masvs]
+* Arranged in sections of the [OWASP Top 10][cheatsheet-top10] or the [OWASP Proactive Controls][cheatsheet-proactive]
+
+The cheat sheets are continually being updated and are always open to contributions from the security community.
 
 ----
 
@@ -45,6 +61,11 @@ then [submit an issue][issue070103] or [edit on GitHub][edit070103].
 
 [cheatproject]: https://owasp.org/www-project-cheat-sheets/
 [cheatsheets]: https://cheatsheetseries.owasp.org/
+[cheatsheet-alpha]: https://cheatsheetseries.owasp.org/Glossary.html
+[cheatsheet-asvs]: https://cheatsheetseries.owasp.org/IndexASVS.html
+[cheatsheet-masvs]: https://cheatsheetseries.owasp.org/IndexMASVS.html
+[cheatsheet-proactive]: https://cheatsheetseries.owasp.org/IndexProactiveControls.html
+[cheatsheet-top10]: https://cheatsheetseries.owasp.org/IndexTopTen.html
 [edit070103]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/07-implementation/01-documentation/03-cheatsheets.md
 [issue070103]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2007-implementation/01-documentation/03-cheatsheets
 [spotlight04]: https://youtu.be/S1cVYRDeiPQ