OWASP - User contributions [en]

OWASP Alchemist Project

2010-09-08T13:23:07Z

Bishan Singh:

==== Main ====
While there are extensive resources on the Internet about secure architecture and security practices that when implemented effectively across an SDLC produce highly secure and defensible applications. One must acknowledge that their adoption has challenged project teams, one constraint being lack of reference implementations that demonstrate effective realization of highly secure and defensible applications.

Alchemist aims to bridge this gap. Alchemist is a free, open source, enterprise web application security resource that enables software development teams build high secure and defensible applications. Alchemist is structured for easier adoption and learning for software architects and programmers, allowing them to implement strong security practices into their applications.

The focus is to achieve this objective by architecting and developing a highly secure and defensible enterprise web application. The outcome of this exercise is targeted as a reference implementation for development houses. The overall objective is to leverage secure architecture and practices to showcase secure application development implementations with leading technologies and frameworks. In its first exercise, Alchemist proposes to demonstrate a secure J2EE web application that is developed using Spring framework.

OWASP lists a number of common application security [[:Category:Vulnerability|vulnerabilities]]. These apply to most of the programming languages and platforms. The notable exception being [[Buffer Overflow|buffer overflow]] and related issues that do not apply to J2EE. .Net and the likes. Alchemist is designed to demonstrate effective mitigation of most of these issues in its reference implementations.

More details on the project, including the high level road-map can be found in the Project About tab. If you'd like to contribute join the [https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project mailing list] and share your ideas and suggestions on the ongoing progress, and of course your proposal for contribution for the ongoing work or work for other programming languages.

==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]

Projects/OWASP Alchemist Project

2010-09-08T13:14:37Z

Bishan Singh:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

Alchemist enables a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by architecting a real-life high stakes application with security built into it right from the inception, step-by-step as it falls under an SDLC. The current exercise is targeted at demonstrating this on a J2EE based web application that is developed using Spring framework. Spring framework was chosen due to its widespread adoption in the financial products. However, it is important note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

OWASP Alchemist Project

2010-09-08T13:09:33Z

Bishan Singh:

==== Main ====
While there are extensive resources on the Internet about secure architecture and security practices that when implemented effectively across an SDLC produce highly secure and defensible applications. One must acknowledge that their adoption has challenged project teams, one constraint being lack of reference implementations that demonstrate effective realization of highly secure and defensible applications.

Alchemist aims to bridge this gap. Alchemist is a free, open source, enterprise web application security resource that enables software development teams build high secure and defensible applications. Alchemist is structured for easier adoption and learning for software architects and programmers, allowing them to implement strong security practices into their applications.

The focus is to achieve this objective by architecting and developing a highly secure and defensible enterprise web application. The outcome of this exercise is targeted as a reference implementation for development houses. The overall objective is to leverage secure architecture and practices to showcase secure application development implementations with leading technologies and frameworks. In its first exercise, Alchemist proposes to demonstrate a secure J2EE web application that is developed using Spring framework.

OWASP lists a number of common application security [[:Category:Vulnerability|vulnerabilities]]. These apply to most of the programming languages and platforms. The notable exception being [[Buffer Overflow|buffer overflow]] and related issues that do not apply to J2EE. .Net and the likes. Alchemist is designed to demonstrate effective mitigation of most of these issues in its reference implementations.

More details on the project, including the high level road-map can be found in the Project About tab. If you'd like to contribute join the [https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project mailing list] and share your ideas and suggestions on the ongoing progress, and of course your proposal for contribution for the ongoing work or work for other programming languages.

''NOTE: This project has no sponsors. Please reach us if you wish to sponsor this initiative. Sponsorship goes a long way in speeding up our release cycles and of course spawning other reference implementations sooner than later.
''
==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]

OWASP Alchemist Project

2010-09-08T13:03:10Z

Bishan Singh:

Projects/OWASP Alchemist Project

2010-09-08T12:59:33Z

Bishan Singh:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

Alchemist enables a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by way of architecting a real-life high stakes application with security built into it right from the inception, step-by-step as it falls under an SDLC. The current exercise is targeted at demonstrating this on a J2EE based web application that is developed using Spring framework. Spring framework was chosen due to its widespread adoption in the financial products. However, it is important note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

OWASP Alchemist Project

2010-09-08T12:52:45Z

Bishan Singh:

==== Main ====
While there are extensive resources on the Internet about secure architecture and security practices that when implemented effectively across an SDLC produce highly secure and defensible applications. One must acknowledge that their adoption has challenged project teams, one constraint being lack of reference implementations that demonstrate effective realization of highly secure and defensible applications.

Alchemist aims to bridge this gap. Alchemist is a free, open source, enterprise web application security resource that enables software development teams build high secure and defensible applications. Alchemist is structured for easier adoption and learning for software architects and programmers, allowing them to implement strong security practices into their applications.

The focus is to achieve this objective by architecting and developing a highly secure and defensible enterprise web application. The outcome of this exercise is targeted as a reference implementation for development houses. The overall objective is to showcase, leveraging secure architecture and practices, secure development implementations with leading technologies and frameworks. In its first exercise, Alchemist proposes to demonstrate a secure J2EE web application that is developed using Spring framework.

OWASP lists a number of common application security [[:Category:Vulnerability|vulnerabilities]]. These apply to most of the programming languages and platforms. The notable exception being [[Buffer Overflow|buffer overflow]] and related issues that do not apply to J2EE. .Net and the likes. Alchemist is designed to demonstrate effective mitigation of most of these issues in its reference implementations.

More details on the project, including the high level road-map can be found in the Project About tab. If you'd like to contribute join the [https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project mailing list] and share your ideas and suggestions on the ongoing progress, and of course your proposal for contribution for the ongoing work or work for other programming languages.

==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]

Projects/OWASP Alchemist Project/Releases/Alchemist Secure J2EE Spring v1.0

2010-09-08T12:21:50Z

Bishan Singh:

{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude>
| project_name = OWASP Alchemist Project
| project_home_page = :OWASP Alchemist Project

| release_name = Alchemist 1.0
| release_date = 13th December 2010
| release_download_link =

| release_description = A real-world banking application with 5 dynamic pages.

| release_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = c70n3r@gmail.com
| leader_username1 =

| leader_name2 = Chandrakanth Narreddy
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 =

| leader_name3 = Naveen Rudrappa
| leader_email3 = Naveen.rudra02@gmail.com
| leader_username3 =

| contributor_name1 =
| contributor_email1 =
| contributor_username1 =

| contributor_name2 =
| contributor_email2 =
| contributor_username2 =

| release_notes =

| links_url1 =
| links_name1 =

}}

OWASP Alchemist Project

2010-09-05T11:34:52Z

Bishan Singh:

==== Main ====
While there are extensive resources on the Internet about security architecture and security practices that when implemented effectively across an SDLC produce highly secure and defensible applications. It is easier said than done. Notably, most of the popular programming languages and frameworks contain many security technologies, yet it is not easy to produce an application without security vulnerabilities.

Alchemist aims to bridge these gaps. Alchemist is a free, open source, web application security resource that enables software development teams build high secure and defensible applications. Alchemist is structured for easier adoption and learning of software architects, analysts and programmers, allowing them implement strong security practices into their own web applications.

The current focus is on achieving this objective by architecting and developing a highly secure and defensible application in J2EE on top of Spring framework. The outcome of this exercise is targeted as a reference implementation. The overall objective is to be independent of programming language, yet show-case a real-life application in each of the popular programming languages and frameworks.

OWASP lists a number of common application security [[:Category:Vulnerability|vulnerabilities]]. These apply to most of the programming languages and platforms. The notable exception being [[Buffer Overflow|buffer overflow]] and related issues that do not apply to J2EE. .Net and the likes. Alchemist is designed to demonstrate effective mitigation of most of these issues in its reference implementations.

More details on the project, including the high level road-map can be found in the Project About tab. If you'd like to contribute join the [https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project mailing list] and share your ideas and suggestions on the ongoing progress, and of course your proposal for contribution for the ongoing work or work for other programming languages.

==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]

Projects/OWASP Alchemist Project

2010-09-05T10:56:17Z

Bishan Singh:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE on top of Spring framework with security built into it right from the inception, step-by-step as it falls under an SDLC. It is important to note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted framework. Spring framework was chosen due to its widespread adoption in the financial products. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built on other programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

Projects/OWASP Alchemist Project

2010-09-05T09:42:50Z

Bishan Singh:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

*A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws. Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE (Spring/Struts) with security built into it right from the inception, step-by-step as it falls under an SDLC. Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
**Security Requirements,
**Threat Risk Modeling,
**Use and Abuse Cases,
**Secure Coding Guideline,

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

Projects/OWASP Alchemist Project

2010-09-05T06:39:50Z

Bishan Singh:

==== Main ====
{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

*A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws. Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE (Spring/Struts) with security built into it right from the inception, step-by-step as it falls under an SDLC. Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
**Security Requirements,
**Threat Risk Modeling,
**Use and Abuse Cases,
**Secure Coding Guideline,

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

OWASP Alchemist Project

2010-09-02T04:28:04Z

Bishan Singh:

==== Main ====
Hello Bish. Please fill in here as you find best. Thanks much, Paulo Coimbra

==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]