OWASP - User contributions [en]

User:Chandrakanth Reddy Narreddy

2010-11-28T07:15:34Z

Chandrakanth Reddy Narreddy:

Chandrakanth is an information security expert and researcher with core skills in application security and architecture. He focuses majorly on addressing as well as assessing security of applications, products and web applications. His research on insecure trends in internet technologies is published at http://www.foundstone.com/us/resources/whitepapers/wp_insecure_trends_in_web_technologies.pdf.

Chandrakanth is the leader of OWASP Alchemist project which helps application architects and developers to defend their applications by implementing secure design and coding practices.

* To see my wiki contributions, [[:Special:Contributions/Chandrakanth Reddy Narreddy|click here]].
* [mailto:chandra.chandra.kanth@owasp.org Email address].

Projects/OWASP Alchemist Project

2010-11-28T07:05:56Z

Chandrakanth Reddy Narreddy:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

Alchemist enables a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by architecting a real-life high stakes application with security built into it right from the inception, step-by-step as it falls under an SDLC. The current exercise is targeted at demonstrating this on a J2EE based web application that is developed using Spring framework. Spring framework was chosen due to its widespread adoption in the financial products. However, it is important note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Naveen Rudrappa
| leader_email1 = naveen.rudrappa@owasp.org
| leader_username1 = Naveen Rudrappa

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Bishan Singh
| leader_email3 = Bishan.Singh@owasp.org
| leader_username3 = Bishan Singh

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist Secure J2EE Spring v1.0
| release_2 =
| release_3 =
| release_4 =
}}

Projects/OWASP Alchemist Project/Releases/Alchemist Secure J2EE Spring v1.0

2010-11-28T07:05:06Z

Chandrakanth Reddy Narreddy:

{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude>
| project_name = OWASP Alchemist Project
| project_home_page = :OWASP Alchemist Project

| release_name = Alchemist Secure J2EE Spring v1.0
| release_date = 13th January 2011
| release_download_link =

| release_description = A real-world banking application with 5 dynamic pages.

| release_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Naveen Rudrappa
| leader_email1 = naveen.rudrappa@owasp.org
| leader_username1 = Naveen Rudrappa

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Bishan Singh
| leader_email3 = Bishan.Singh@owasp.org
| leader_username3 = Bishan Singh

| contributor_name1 =
| contributor_email1 =
| contributor_username1 =

| contributor_name2 =
| contributor_email2 =
| contributor_username2 =

| release_notes =

| links_url1 =
| links_name1 =

}}

Projects/OWASP Alchemist Project/Releases/Alchemist Secure J2EE Spring v1.0

2010-11-28T07:03:08Z

Chandrakanth Reddy Narreddy:

{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude>
| project_name = OWASP Alchemist Project
| project_home_page = :OWASP Alchemist Project

| release_name = Alchemist Secure J2EE Spring v1.0
| release_date = 13th January 2011
| release_download_link =

| release_description = A real-world banking application with 5 dynamic pages.

| release_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name1 =
| contributor_email1 =
| contributor_username1 =

| contributor_name2 =
| contributor_email2 =
| contributor_username2 =

| release_notes =

| links_url1 =
| links_name1 =

}}

Projects/OWASP Alchemist Project

2010-11-28T07:01:40Z

Chandrakanth Reddy Narreddy:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

Alchemist enables a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by architecting a real-life high stakes application with security built into it right from the inception, step-by-step as it falls under an SDLC. The current exercise is targeted at demonstrating this on a J2EE based web application that is developed using Spring framework. Spring framework was chosen due to its widespread adoption in the financial products. However, it is important note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Naveen Rudrappa
| leader_email1 = naveen.rudrappa@owasp.org
| leader_username1 = Naveen Rudrappa

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Bishan Singh
| leader_email3 = Bishan.Singh@owasp.org
| leader_username3 = Bishan Singh

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist Secure J2EE Spring v1.0
| release_2 =
| release_3 =
| release_4 =
}}

Projects/OWASP Alchemist Project/Releases/Alchemist Secure J2EE Spring v1.0

2010-09-06T16:57:27Z

Chandrakanth Reddy Narreddy:

{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude>
| project_name = OWASP Alchemist Project
| project_home_page = :OWASP Alchemist Project

| release_name = Alchemist alpha
| release_date = 13th December 2010
| release_download_link =

| release_description = A real-world banking application with 5 dynamic pages.

| release_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = c70n3r@gmail.com
| leader_username1 =

| leader_name2 = Chandrakanth Narreddy
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 =

| leader_name3 = Naveen Rudrappa
| leader_email3 = Naveen.rudra02@gmail.com
| leader_username3 =

| contributor_name1 =
| contributor_email1 =
| contributor_username1 =

| contributor_name2 =
| contributor_email2 =
| contributor_username2 =

| release_notes =

| links_url1 =
| links_name1 =

}}

Projects/OWASP Alchemist Project

2010-09-06T16:56:59Z

Chandrakanth Reddy Narreddy:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.

Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE on top of Spring framework with security built into it right from the inception, step-by-step as it falls under an SDLC. It is important to note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted framework. Spring framework was chosen due to its widespread adoption in the financial products. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built on other programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:

*Security Requirements
*Threat Risk Modeling
*Use and Abuse Cases
*Secure Coding Guideline

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = Bishan.Singh@owasp.org
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@owasp.org
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = naveen.rudrappa@owasp.org
| leader_username3 = Naveen Rudrappa

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

Projects/OWASP Alchemist Project

2010-09-06T16:54:59Z

Chandrakanth Reddy Narreddy:

Projects/OWASP Alchemist Project

2010-09-03T09:21:21Z

Chandrakanth Reddy Narreddy:

{{Template:Project About
| project_name = OWASP Alchemist Project
| project_home_page =:OWASP Alchemist Project

| project_description =

*A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws. Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE (Spring/Struts) with security built into it right from the inception, step-by-step as it falls under an SDLC. Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
**Security Requirements,
**Threat Risk Modeling,
**Use and Abuse Cases,
**Secure Coding Guideline,

| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]

| leader_name1 = Bishan Singh
| leader_email1 = c70n3r@gmail.com
| leader_username1 = Bishan Singh

| leader_name2 = Chandrakanth Reddy Narreddy
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 = Chandrakanth Reddy Narreddy

| leader_name3 = Naveen Rudrappa
| leader_email3 = Naveen.rudra02@gmail.com
| leader_username3 =

| contributor_name[1-10] =
| contributor_email[1-10] =
| contributor_username[1-10] =

| pamphlet_link = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-alchemist-project

| project_road_map = http://www.owasp.org/images/8/85/ALCHEMIST_-_PROJECT_CHARTER_v0_2.pdf

| links_url[1-10] =
| links_name[1-10] =
| release_1 = Alchemist 1.0
| release_2 =
| release_3 =
| release_4 =
}}

OWASP Alchemist Project

2010-09-03T09:19:21Z

Chandrakanth Reddy Narreddy:

==== Main ====
Hello Bish, chandra and Naveen. Please fill in here as you find best. Thanks much, Paulo Coimbra

==== Project About ====
{{:Projects/OWASP_Alchemist_Project | Project About}}

__NOTOC__
<headertabs/>

[[Category:OWASP Project|Alchemist Project]]
[[Category:OWASP Tool]]
[[Category:OWASP Alpha Quality Tool]]