OWASP - User contributions [en]

Projects/OWASP Enhancing Security Options Framework (ESOP Framework)/Releases/Current

2011-03-18T06:52:57Z

Amber Marfatia: Created page with "Release Road Map for the ESOP Framework: 1. Wave 1: Documentation and Wireframe of the service framework 2. Wave 2: Class and design diagram framework 3. Wave 3: Developme..."

Release Road Map for the ESOP Framework:

1. Wave 1: Documentation and Wireframe of the service framework 2. Wave 2: Class and design diagram framework 3. Wave 3: Development of the framework     1. Application layer development     2. Data layer development 4. Wave 4: Integration 5. Wave 5: Alpha Testing 6. Wave 6: Beta Testing 7. Release & Publish 4. Project links (if any) to external sites: N.A. 5. Project License: GNU GPL V3.0

User talk:Amber Marfatia

2011-03-18T06:49:23Z

Amber Marfatia: /* Road Map towards creating the new security framework */ new section

'''Welcome to ''OWASP''!''' We hope you will contribute much and well. You will probably want to read the [[Help:Contents|help pages]]. Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC)

== Purpose of the framework - Enhancing Security Options Framework (ESOP Framework) ==

Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities:

 1. Remote code execution

2. SQL injection

3. Format string vulnerabilities

4. Cross Site Scripting (XSS)

5. Session hacking

6. Denial of service (DoS) attacks

7. Eavesdropping /Sniffing/ Phishing

8. Identity Spoofing

9. Man-in-the-Middle Attacks

10. Username enumeration

     1. Instrumentation & Audits for:

     2. Critical Business Areas

     3. User Management

     4. Un-usual activities

     5. Interfaces Integrations

11. IIS Tweaks

12. Password Policy

 

Road map for achieving the said framework is provided in the next section.

== Road Map towards creating the new security framework ==

Project Roadmap: Planning to phase the project execution in following waves: 

1. Wave 1: Documentation and Wireframe of the service framework 2. Wave 2: Class and design diagram framework 3. Wave 3: Development of the framework                  1. Application layer development                  2. Data layer development 4. Wave 4: Integration 5. Wave 5: Alpha Testing 6. Wave 6: Beta Testing 7. Release & Publish 4. Project links (if any) to external sites: N.A. 5. Project License: GNU GPL V3.0

Timelines to above roadmap will be provided in the subsquent post.

User talk:Amber Marfatia

2011-03-18T06:48:07Z

Amber Marfatia:

User talk:Amber Marfatia

2011-03-18T06:46:54Z

Amber Marfatia: /* Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework) */ new section

User:Amber Marfatia

2011-03-18T06:41:43Z

Amber Marfatia:

Amber [amber.marfatia@gmail.com] total has Total 9+ years experience in handling & providing end to end software development solutions by developing, managing and maintaining projects with medium to large team size.

Currently managing team of an average size of 23 people and providing project management & application architecture cover to the account.
To play role of .Net Solution Architect & Project Manager which covers following aspects:

o As .Net solution architect:

Suggest, Design & get the Application Architecture implemented

Suggest & get Design guidelines implemented

Suggest & implementation of features to leverage of IIS advance with ASP.NET

Suggest & implementation of non-functional requirements

Formation of web security wrapper for the portals

Understanding common production issues & suggestions to overcome the same.

Specific project related issues / areas to work

Review and analysis of client’s existing portal architecture to identify gaps and suggest improvements

Collaborate with Client’s architects and provide technical solutions to the portal framework

Identify value-add opportunity and create proof of concepts and reference implementation for the product lines

Guide the development teams to implement the technical initiatives

Provide: HLD, LLD, execution / testing strategy.

Preparation & guiding the team for the exercise estimation using RFP / BRS

As project manager:

Responsible for managing multiple .Net (Asp. Net ) projects simultaneously

Ensuring the quality matrices for the project are well within the acceptable limits

Ensuring the defect density is well within the permissible limits

To lead multiple parallel projects, track and manage:

Resources along their loading & utilization

Managing Revenue generation for Fixed Bid Projects

SQA related activities enabling the project to be audit compliant

Managing project deliverables by tracking, adopting agile, identification & mitigation of risks & by providing functional & technical inputs to the team.

Sizing the projects based on proposals or RFP using FPA or Use Case estimation model.

Co-ordination & Gathering Requirement from Customer, documenting in the form of User Requirement Documentation (On Site / Off Site Client Co-ordination).

Envisaging & providing mitigation plans for the risk as applicable on the project

Making sure that resource utilization, cost & schedule management is optimal at account level.

Negotiate/manage expectations with business/end users, key stakeholders and senior leadership

User:Amber Marfatia

2011-03-18T06:40:18Z

Amber Marfatia: Amber Marfatia as solution architect and security specialist.

Total 9+ years experience in handling & providing end to end software development solutions by developing, managing and maintaining projects with medium to large team size.

Currently managing team of an average size of 23 people and providing project management & application architecture cover to the account.
To play role of .Net Solution Architect & Project Manager which covers following aspects:

o As .Net solution architect:

Suggest, Design & get the Application Architecture implemented

Suggest & get Design guidelines implemented

Suggest & implementation of features to leverage of IIS advance with ASP.NET

Suggest & implementation of non-functional requirements

Formation of web security wrapper for the portals

Understanding common production issues & suggestions to overcome the same.

Specific project related issues / areas to work

Review and analysis of client’s existing portal architecture to identify gaps and suggest improvements

Collaborate with Client’s architects and provide technical solutions to the portal framework

Identify value-add opportunity and create proof of concepts and reference implementation for the product lines

Guide the development teams to implement the technical initiatives

Provide: HLD, LLD, execution / testing strategy.

Preparation & guiding the team for the exercise estimation using RFP / BRS

As project manager:

Responsible for managing multiple .Net (Asp. Net ) projects simultaneously

Ensuring the quality matrices for the project are well within the acceptable limits

Ensuring the defect density is well within the permissible limits

To lead multiple parallel projects, track and manage:

Resources along their loading & utilization

Managing Revenue generation for Fixed Bid Projects

SQA related activities enabling the project to be audit compliant

Managing project deliverables by tracking, adopting agile, identification & mitigation of risks & by providing functional & technical inputs to the team.

Sizing the projects based on proposals or RFP using FPA or Use Case estimation model.

Co-ordination & Gathering Requirement from Customer, documenting in the form of User Requirement Documentation (On Site / Off Site Client Co-ordination).

Envisaging & providing mitigation plans for the risk as applicable on the project

Making sure that resource utilization, cost & schedule management is optimal at account level.

Negotiate/manage expectations with business/end users, key stakeholders and senior leadership