2013-10-12

Older revision

=What OWASP Projects Will Be at the Summit?=

This year we have ten projects participating in the OWASP Project Summit event module.

==OWASP AppSensor==

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities. [https://www.owasp.org/index.php/OWASP_AppSensor_Project More about OWASP AppSensor here.]

==OWASP Code Review Guide==

The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development. More about [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review here.]

==OWASP Development Guide==

The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to focus the content from countermeasures and weaknesses to secure software engineering. More about [https://www.owasp.org/index.php/OWASP_Guide_Project the OWASP Development Guide here.]

==The OWASP Education Projects==

The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.

Initiatives of the OWASP Education Project are:

===[https://www.owasp.org/index.php/OWASP_Training OWASP Training]===

OWASP Student Chapter

==OWASP Enterprise Security API==

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. More about [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API here.]

==OWASP O2 Project==

The O2 platform represents a new paradigm for how to perform, document, and distribute Web Application security reviews. O2 is designed to Automate Application Security Knowledge and Workflows, and to Allow non-security experts to access and consume Security Knowledge. More about [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform here.]

==OWASP Open SAMM==

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. More about [https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Open SAMM here.]

==OWASP Security Principles Project==

The OWASP Security Principles Project aims to distil the fundamentals of security into a set of concise principles that must be present in any system throughout the requirements, architecture, development, testing, and implementation of that system. More about [https://github.com/OWASP/Security-Principles OWASP Security Principles Project here.]

==OWASP Testing Guide==

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors. More about [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide here.]

==OWASP Zed Attack Proxy (ZAP)==

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. More about [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy (ZAP) here.]

Revision as of 03:12, 12 October 2013

'''[https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor]'''

The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.

'''[https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide]'''

The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development.

'''[https://www.owasp.org/index.php/OWASP_Guide_Project OWASP Development Guide]'''

The Development Guide is aimed at architects, developers, consultants, and auditors. It is a comprehensive manual for designing, developing, and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to focus the content from countermeasures and weaknesses to secure software engineering.

'''The OWASP Education Projects'''

The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.

===[https://www.owasp.org/index.php/OWASP_Training OWASP Training]===

OWASP Student Chapter

'''[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]'''

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications.

'''[https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Open SAMM]'''

The Software Assurance Maturity Model (SAMM) is an open framework that aims to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development.

'''[https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide]'''

This Testing Guide Project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors.

'''[https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy (ZAP)]'''

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such, is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

'''[https://www.owasp.org/index.php/OWASP_Mobile_Security_Project OWASP Mobile Security Project]'''

The primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas where the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.