← Older revision
Revision as of 10:42, 22 December 2015
(7 intermediate revisions by the same user not shown)
Line 33:
Line 33:
== What's Hot! ==
== What's Hot! ==
+
+
See the "Tasks and Roadmap" tab for more information.
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
Line 106:
Line 108:
−
= Project and
related
OWASP Resources =
+
= Project and OWASP Resources =
{| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;" |-
{| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;" |-
Line 121:
Line 123:
[https://twitter.com/owasp_java Twitter, Java and JVM Project]
[https://twitter.com/owasp_java Twitter, Java and JVM Project]
−
[https://twitter.com/
owasp_languages
Twitter,
Programming Languages Project
]
+
[https://twitter.com/
owasp
Twitter,
OWASP
]
Line 158:
Line 160:
[[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
[[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
−
= Project Pages =
−
== Wiki Pages Review Operation 1 2015/2016 ==
−
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
−
<br/>
−
<br/>
−
== Tools Chain ==
−
[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
−
[[OWASP_Dependency_Check|OWASP Dependency Check]]
+
+
= Project Pages =
+
+
== Tools Chain ==
+
+
{| class="wikitable"
+
| [[OWASP_SonarQube_Project|OWASP SonarQube Project]]
+
| The first goal of the OWASP SonarQube Project is to a create a referential of check specifications targetting OWASP vulnerabilities and that can be detected by SAST tools (Static Application Security Testing). From there, the second goal is to provide a reference implementations of most of those checks in the Open Source SonarQube language analysers (Java, JavaScript, PHP and C#). SonarQube is an Open Source platform for managing code quality.
+
|-
+
|
[[OWASP_Dependency_Check|OWASP Dependency Check]]
+
| Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported.
+
|}
<br/>
<br/>
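Review bot: The SonarQube description in the new Tools Chain table has three wording errors: "to a create a referential" (stray "a"), "targetting" (should be "targeting") and "a reference implementations" (singular article with a plural noun). The table also has no header row, so nothing tells the reader that the second column is a description; consider adding "! Project" and "! Description" cells as the first row.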
Line 180:
Line 186:
== Libraries ==
== Libraries ==
−
[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer]]
+
{| class="wikitable"
−
+
|
[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer]]
−
[[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]]
+
| The OWASP HTML Sanitizer is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
+
|-
+
|
[[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]]
+
| The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting.
+
|}
<br/>
<br/>
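Review bot: Both rows of the new Libraries table end on "protecting against XSS" / "defend against Cross Site Scripting" without telling the reader when to pick which library. The Sanitizer row at least names its input (HTML authored by third parties); the Encoder row should likewise say what it encodes and where, so the two are not read as interchangeable. "Java 1.5+ simple-to-use drop-in high-performance encoder class" would also read better split into two sentences.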
Line 188:
Line 198:
<br/>
<br/>
−
== Documents ==
+
==
General
Documents ==
−
[[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
+
{| class="wikitable"
−
+
|
[[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
−
[[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
+
|
[[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
−
+
|
[[Cheat_Sheets|OWASP Cheat Sheets Series]]
−
[[Cheat_Sheets|OWASP Cheat Sheets Series]]
+
|-
−
+
|
[[OWASP_Testing_Project|OWASP Testing Project]]
−
[[OWASP_Testing_Project|OWASP Testing Project]]
+
|
[[OWASP_Top_Ten_Project|OWASP Web Top 10]]
−
+
|
[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory]]
−
[[OWASP_Top_Ten_Project|OWASP Web Top 10]]
+
|}
−
+
−
[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory]]
+
<br/>
<br/>
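Review bot: The new General Documents table arranges six links in a three-column grid with no description cell, while the Tools Chain and Libraries tables added in this same revision use one row per project with a description. Either use the same two-column layout here, or keep the plain list, since a grid of bare links adds markup without adding information.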
Line 217:
Line 225:
== Retired, Inactive or Outdated Projects ==
== Retired, Inactive or Outdated Projects ==
−
{| class="wikitable"
{| class="wikitable"
−
!
+
|
[[https://www.owasp.org/index.php/OWASP_ESAPI#tab=Downloads
|OWASP ESAPI Project Java Implementation
]]
−
! Name
+
−
! Comment
+
−
! URLs
+
−
|
-
+
−
|
+
−
| OWASP ESAPI Project Java Implementation
+
| The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes.
| The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes.
−
|
[[https://www.owasp.org/index.php/OWASP_ESAPI#tab=Downloads|Project Page]],
[[https://owasp-esapi.atlassian.net/projects/ESAPILEG/issues/ESAPILEG-309?filter=allopenissues|Bug Tracker]]
+
| [[https://owasp-esapi.atlassian.net/projects/ESAPILEG/issues/ESAPILEG-309?filter=allopenissues|Bug Tracker]]
|}
|}
+
+
+
+
+
+
= Tasks and Roadmap =
+
+
+
== Ongoing Operations ==
+
+
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
+
+
<br/>
+
+
== Upcoming Operations ==
+
+
None at the moment. Everything is ongoing. If you have ideas for new operations, documentations, documents, projects, please drop a line on the mailing list or in a mail to project team.
+
+
<br/>
+
+
== Archived Operations ==
+
+
None at the moment.
+
+
<br/>
+
+
+
+
+
+
= Get involved =
= Get involved =
−
To get involved join the mailing list: [http://lists.owasp.org/mailman/listinfo/java-project OWASP Java and JVM Mailing List]
+
There are many ways of getting involved in an OWASP Documentation projects.
+
+
The first step would be to establish contact with the project leaders and/or the entire team. This can be done using a direct and private message, or by joining the public mailing list to say hello.
+
+
When it comes to participating in project activities, everything depends on the time you are willing and able to invest. It is however very important to not jump into too many things at the beginning, later having to back out or to let unfinished things behind you. It is much better to start with small tasks, increasing intensity and investment over time.
+
+
Please also be patient with expecting the "merge" of your work into the existing project pages and code. As everywhere in live, trust has to be built-up.
+
+
The Java and Project has currently multiple tasks open, which can be found on the adequate section of this page. Note all tasks require a wiki account. Please take something you are interested in and start participating.
+
Work load is not the only outcome when participating in open projects. You are getting a lot of things back: recognition, satisfaction, knowledge and contacts, sometime friends.
+
+
Sounds cool? Then jump in...
+
+
To get involved join the mailing list
, follow this link
: [http://lists.owasp.org/mailman/listinfo/java-project OWASP Java and JVM Mailing List]
−
<TBD>
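Review bot: The ESAPI cells in the Retired table wrap external URLs in double brackets with a pipe ("[[https://www.owasp.org/index.php/OWASP_ESAPI#tab=Downloads|OWASP ESAPI Project Java Implementation]]" and the Bug Tracker link), which is the internal-link form; external links take single brackets and a space before the label, as the mailing-list link at the end of this hunk already does. The removed lines had the same problem, so this edit is the place to fix it. The removed "! Name / ! Comment / ! URLs" header row also leaves the table without column headings. In the new Get involved text, "Note all tasks require a wiki account" should be checked (it reads as if "Not all" was meant), and "As everywhere in live", "The Java and Project" and "an OWASP Documentation projects" need correcting.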