https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=DevgregOWASP - User contributions [en]2026-05-16T09:52:18ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=GSoC2019_Ideas&diff=246480GSoC2019 Ideas2019-01-09T21:01:12Z<p>Devgreg: Added DefectDojo</p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
<br />
<br />
==OWASP-SKF (draft)==<br />
Idea 1: Build lab examples and write-ups (how to test) for different code languages delivered in Docker (these must correlate with a Knowledge base item in SKF)<br />
* For example we have now around 20 lab challenges in Docker container build in Python:<br />
** A Local File Inclusion Docker app example:<br />
*** https://github.com/blabla1337/skf-labs/tree/master/LFI<br />
** A write-up example:<br />
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection<br />
Idea 2: We want to extend the Machine learning chatbot functionality in SKF.<br />
* Create a desktop version of the chatbot. Where people can install the setup file on their local machine.<br />
* Extend the bots capability to do the google search(using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.<br />
* Extend the bot capability to reply what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.<br />
* Extend the bot to different platforms like Facebook, telegram, slack etc.<br />
** Now the working chatbot implementation for example is only for Gitter<br />
<br />
== OWASP DefectDojo ==<br />
OWASP DefectDojo is a popular open source vulnerability management tool, used as the backbone for security programs. It is easy to get started with and work on! We welcome volunteers of all experience levels and are happy to provide mentorship.<br />
<br />
Option 1: Unit Tests - Difficulty: Easy<br />
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.<br />
* The project needs additional unit tests to ensure that new code functions properly. <br />
Option 2: Feature Enhancement - Difficulty: Varies<br />
* The functionality of DefectDojo is constantly expanding.<br />
* Feature enhancements offer programming challenges for all levels of experience.<br />
Option 3: Pull Request Review - Difficulty: Moderate - Hard<br />
* Test pull requests and provide feedback on code.</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=246328OWASP DefectDojo Project2019-01-02T14:45:39Z<p>Devgreg: Updated Leaders</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is an Application Security Program tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python and Django.<br />
<br />
Testing or installing DefectDojo is easy. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/DefectDojo/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/defectdojo/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://www.defectdojo.org/ DefectDojo Product Page]<br />
<br />
[https://github.com/DefectDojo/django-DefectDojo/ Source Code]<br />
<br />
[https://github.com/DefectDojo/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/DefectDojo/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/DefectDojo/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[https://www.owasp.org/index.php/User:Aweaver Aaron Weaver][mailto:aaron.weaver@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [23 July 2018] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.5.1 Version 1.5.1 Released]<br />
* [15 Dec 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2.1 Version 1.2.1 Released]<br />
* [20 Sep 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2 Version 1.2.0 Released]<br />
* [19 Dec 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.3 Version 1.1.3 Released]<br />
* [12 Nov 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.2 Version 1.1.2 Released]<br />
* [13 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.1 Version 1.1.1 Released]<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project.<br />
<br />
==Roadmap==<br />
'''July 2018 Release 1.5:'''<br />
** Updated UI with a new DefectDojo logo, default colors and CSS.<br />
** Updated Product views with tabs for Product Overview, Metrics, Engagements, Endpoints, Benchmarks (ASVS), and Settings to make it easier to navigate and manage your products.<br />
** New Product Information fields: Regulations, Criticality, Platform, Lifecycle, Origin, User Records, Revenue, External Audience, Internet Accessible<br />
** Languages pie chart on product overview, only supported through the API and Django admin, integrates with cloc analyzer<br />
** New Engagement type of CI/CD to support continual testing<br />
** Engagement shortcuts and ability to import findings and auto-create an engagement<br />
** Engagement labels for overdue, no tests and findings<br />
** New Contextual menus throughout DefectDojo and shortcuts to new findings and critical findings<br />
** Ability to merge a finding into a parent finding and either inactivate or delete the merged findings.<br />
** Report improvements and styling adjustment with the default option of HTML reports<br />
** SLA for remediation of severities based on finding criticality, for example critical findings remediated within 7 days. Configurable in System Settings.<br />
** Engagement Auto-Close Days in System Settings. Automatically close an engagement if open past the end date.<br />
** Ability to apply remediation advice based on CWE. For example XSS can be configured as a template so that it’s consistent across all findings. Enabled in system settings.<br />
** Finding confidence field supported from scanners. First implementation in the Burp importer.<br />
** Goast importer for static analysis of Golang products<br />
** Celery status check on System Settings<br />
** Beta rules framework release for modifying findings on the fly<br />
** DefectDojo 2.0 API with Swagger support<br />
** Created and Modified fields on all major tables<br />
** Various bug fixes reported on Github<br />
<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/OWASP/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Aaron Weaver<br />
| leader_email2=aaron.weaver@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Matt Tesauro<br />
| leader_email3= matt.tesauro@owasp.org<br />
| leader_username3=N/A<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=November_2018&diff=245340November 20182018-11-21T13:14:18Z<p>Devgreg: </p>
<hr />
<div><br />
Meeting Date: November 21, 2018<br />
<br />
Meeting Time: 12:00 PM to 1:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=11&day=21&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])<br />
<br />
Meeting Location: Virtual<br />
<br />
Address: N/A<br />
<br />
Virtual: https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
Previous meeting minutes: [https://docs.google.com/document/d/1p4zVQPne5oITUckHZD6q3UGx3az4q8_YQLDmyn-UTA4/edit?usp=sharing 2018-10-10 meeting minutes]<br />
REPORTS<br />
Financial Reports: [https://drive.google.com/a/owasp.org/file/d/0Bzb3QwFMHCXrbXc2NFVUZXB6Z1ZSeTNPclh4QmZ0aVY0Zmg0/view?usp=sharing Board Summary] and [https://drive.google.com/a/owasp.org/file/d/0Bzb3QwFMHCXrR1k1anlQMHExX29iYTZITnRveEY3eEhxbkVR/view?usp=sharing Balance Sheet] (Tom P)<br />
<br />
Director of Community and Operations Report and Updates (Matt T)<br />
* [https://docs.google.com/document/d/1Lxo9fG6E3EOsJ6Bt0c_QJgDQWZGygN3CNUbBHnlJFHY/edit?usp=sharing Status report for Nov 2018 board meeting]<br />
* [https://docs.google.com/document/d/19arizQd78VQy0umW2kXEkKXBxO6kIsdoOJ5NutMbG4w/edit?usp=sharing Draft Job Description for Director of Conferences and Events]<br />
* [https://docs.google.com/document/d/1pUYdWkzoxieXr2qAhCuAY2hwmUbeiaWrdng2JVr9USI/edit?usp=sharing Draft Job Description for Executive Director]<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
'''<u>Motions</u>''' <br />
* '''Compliance Committee Changes''' - https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing - Greg (added on this Months Agenda by Sherif)<br />
* Board Eligibility - https://docs.google.com/document/d/1FO_Ob62LwVZHXA9qtDoNSfmMB6u9PZZHpG2RJcL7e-w/edit - Greg<br />
* '''OWASP Global Committees 2.0 Changes''' - [https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo/edit https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo] - Owen (added on this Months Agenda by Sherif)<br />
<br />
'''<u>Discussions:</u>'''<br />
* '''Treasury''' - 2018 Remaining Action Items:<br />
** Request for the foundation to provide Accountants with Merchandise Inventory.<br />
** Request for the foundation to finalize the accounts receivables.<br />
* '''Global/Local Events Splits:''' We need establish a roadmap on how to get from a few proposed ideas to an actionable motion that has been discussed with the community to vote on and enact. '''*Note:''' From the last leaders meeting the emerging consensus from the community is for regional events to have multiple splits (e.g. 90/10 - 80/20 - 70/30) with different packages/support levels from the foundation.<br />
* '''2019 Strategy + Budget:''' Given Karen's departure we need to pick up where we left of and agree on it no later than End of January<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT</div>Devgreghttps://wiki.owasp.org/index.php?title=October_2018&diff=243858October 20182018-10-01T10:43:49Z<p>Devgreg: /* Old Business */</p>
<hr />
<div><br />
Meeting Date: October 10th, 2018<br />
<br />
Meeting Time: 3:00 to 4:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=10&day=10&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])<br />
<br />
Meeting Location: Physical Meeting at AppSec USA 2018 Conference + Virtual <br />
<br />
Address: N/A<br />
<br />
Virtual: https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
<br />
REPORTS<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
=<nowiki>=</nowiki>=<br />
<br />
==Old Business==<br />
2019 Board Eligibility - https://docs.google.com/document/d/1a_adkVd5xL14Gg-Dwoeyg_bTDA3t8y2puy25AYyVQ8s/edit?usp=sharing Greg<br />
<br />
Compliance Committee Changes - https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing Greg<br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]</div>Devgreghttps://wiki.owasp.org/index.php?title=September_2018&diff=243787September 20182018-09-27T17:09:02Z<p>Devgreg: /* Old Business */</p>
<hr />
<div><br />
Meeting Date: September 27, 2018<br />
<br />
Meeting Time: 2:00 PM to 3:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=9&day=19&hour=18&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])<br />
<br />
Meeting Location: Virtual<br />
<br />
Address: N/A<br />
<br />
Virtual: https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES [https://docs.google.com/document/d/1qx55SQqlINNc0lw7N7La7NA5pb7scLLLYeaK-Z30r9Y/edit?usp=sharing prior meeting minutes]<br />
<br />
<br />
REPORTS<br />
[https://drive.google.com/file/d/10XKlV5NzMw0njMSx9OVFjDOC2v9Fw13f/view?usp=sharing Executive Director Summary Report]<br />
<br />
[https://drive.google.com/file/d/0B-AxFkR1zgGVTjZGM01vSzU0ejZ1Y05Tci1zN29UTndnZGo0/view?usp=sharing AppSec USA 2018 Registration Report]<br />
<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
* [http://lists.owasp.org/pipermail/owasp-leaders/2018-September/019352.html OWASP Global Chapters Committee Proposal] - Josh Sokol<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
=<nowiki>=</nowiki>=<br />
<br />
==Old Business==<br />
[https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing Compliance Committee Charter] - Discussion & Vote - Greg<br />
<br />
Board Eligibility Discussion - Greg <br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
Conference tickets and splits - Greg<br />
<br />
[http://lists.owasp.org/pipermail/owasp-leaders/2018-September/019352.html OWASP Global Chapters Committee Proposal] - Josh Sokol<br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]</div>Devgreghttps://wiki.owasp.org/index.php?title=September_2018&diff=242808September 20182018-08-24T21:33:43Z<p>Devgreg: /* New Business */</p>
<hr />
<div><br />
Meeting Date: September 19, 2018<br />
<br />
Meeting Time: 2:00 PM to 3:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=9&day=19&hour=18&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])<br />
<br />
Meeting Location: Virtual<br />
<br />
Address: N/A<br />
<br />
Virtual: https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
<br />
REPORTS<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
=<nowiki>=</nowiki>=<br />
<br />
==Old Business==<br />
Compliance Committee Charter - Discussion & Vote - Greg<br />
<br />
Board Eligibility Discussion - Greg <br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
Conference tickets and splits - Greg<br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]</div>Devgreghttps://wiki.owasp.org/index.php?title=September_2018&diff=242749September 20182018-08-22T23:38:10Z<p>Devgreg: /* Old Business */</p>
<hr />
<div><br />
Meeting Date: September 19, 2018<br />
<br />
Meeting Time: 2:00 PM to 3:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=9&day=19&hour=18&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])<br />
<br />
Meeting Location: Virtual<br />
<br />
Address: N/A<br />
<br />
Virtual: https://www3.gotomeeting.com/join/861328838<br />
<br />
[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
<br />
REPORTS<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
=<nowiki>=</nowiki>=<br />
<br />
==Old Business==<br />
Compliance Committee Charter - Discussion & Vote - Greg<br />
<br />
Board Eligibility Discussion - Greg <br />
<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]</div>Devgreghttps://wiki.owasp.org/index.php?title=May_15,_2018&diff=240701May 15, 20182018-05-14T13:41:10Z<p>Devgreg: Added compliance update section</p>
<hr />
<div><br />
Meeting Date: May 15 2018<br />
<br />
Meeting Location: Virtual<br />
Meeting Time: [[May 15, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=5&day=15&hour=19&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 Click Here for Meeting Time in Your Timezone]<br />
<br />
Virtual: GoToMeeting Meeting ID: 861-328-838 <br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
'''Note: Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording'''<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES [https://docs.google.com/document/d/124lroPoGIYJpNMm3ImhHrCoJXqNJ1yJJ6xcoDSOU3nA/edit?usp=sharing prior meeting minutes]<br />
<br />
REPORTS- Review of BOD Report<br />
<br />
OLD BUSINESS<br />
<br />
Compliance Committee Updates - Greg<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
===<br />
<br />
==Old Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
===GDPR===<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
;GDPR<br />
As for the GDPR, we as OWASP have a legal entity in Belgium.<br />
This is an advantage, as thereby we do only have to the with the Belgian AP.<br />
With Toreon, company of Sebastien Deleersnyder, we agreed to have an intern helping us with the GDPR compliance with the backing of an experience GDPR professional, for the data register etc..<br />
<br />
;OWASP Event Strategy<br />
A Status update & Discussion on the OWASP Event Strategy. Here are some '''''example''''' questions we hope the strategy to cover:<br />
* How do we want to re-brand foundation run events to distinguish between regional events?<br />
* What type of events shall the foundation run? <br />
* What selection criteria are there for those events?<br />
* How will they be operated and managed between the foundation and the community? <br />
* What types of events can be run?<br />
* Which events are we planning for 2019? <br />
;DPO<br />
Furthermore, it is not required for an organization as OWASP to have an DPO (Data Privacy Officer),but it is advised. We should discus about this role, definition and should it be one of the board members. So we would have another role, next to chair, vice-chair, treasurer and secretary. <br />
===Online training portal===<br />
We have been contacted from a professor of an university in the US. They want to develop online material for their course on the cloudera platform. <br />
He asked on what basis can they use available OWASP material. Futhermore, Cloudera claims course material cannot be shared outside the cloudera platform.<br />
;OWASP material is free to use, there is not limitation of using OWASP material to develop an online training<br />
;We discussed to options of having the online training available for free via the Cloudera platform. Exam specific material is not public available.<br />
;He volunteered to setup an call with Cloudera, who has a good standing about sharing knowledge, if they are willing to enable public shared OWASP training meterial via their platform<br />
===Approval of 2018 Budget===<br />
;</div>Devgreghttps://wiki.owasp.org/index.php?title=April_4,_2018&diff=239055April 4, 20182018-03-27T19:59:12Z<p>Devgreg: Spacing fix.</p>
<hr />
<div><br />
Meeting Date: April 4 2018<br />
<br />
Meeting Location: Virtual<br />
<br />
Virtual: GoToMeeting Meeting ID: 861-328-838 <br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
<br />
REPORTS<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
===<br />
<br />
==Old Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
Compliance Committee Changes (Discussion) - Addressing top community concerns from the election. (Greg)<br />
<br />
Business Plan Development (Discussion) - Setting a road map, goals, KPIs, etc. (Greg)</div>Devgreghttps://wiki.owasp.org/index.php?title=April_4,_2018&diff=239054April 4, 20182018-03-27T19:58:24Z<p>Devgreg: New Business - Greg</p>
<hr />
<div><br />
Meeting Date: April 4 2018<br />
<br />
Meeting Location: Virtual<br />
<br />
Virtual: GoToMeeting Meeting ID: 861-328-838 <br />
<br />
[[International Toll Free Calling Information]]<br />
<br />
AGENDA<br />
<br />
CALL TO ORDER<br />
<br />
CHANGES TO THE AGENDA<br />
<br />
APPROVAL OF MINUTES<br />
<br />
REPORTS<br />
<br />
OLD BUSINESS<br />
<br />
NEW BUSINESS<br />
<br />
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS<br />
<br />
ADJOURNMENT<br />
<br />
<br />
===<br />
<br />
==Old Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
==New Business==<br />
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]<br />
<br />
Compliance Committee Changes (Discussion) - Addressing top community concerns from the election. (Greg)<br />
Business Plan Development (Discussion) - Setting a road map, goals, KPIs, etc. (Greg)</div>Devgreghttps://wiki.owasp.org/index.php?title=Projects/OWASP_DefectDojo/Releases/Last_Reviewed_Release&diff=236777Projects/OWASP DefectDojo/Releases/Last Reviewed Release2018-01-12T22:29:23Z<p>Devgreg: </p>
<hr />
<div>1.2.1</div>Devgreghttps://wiki.owasp.org/index.php?title=Projects/OWASP_DefectDojo/Releases/Current&diff=236776Projects/OWASP DefectDojo/Releases/Current2018-01-12T22:29:00Z<p>Devgreg: </p>
<hr />
<div>1.2.1</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=236775OWASP DefectDojo Project2018-01-12T22:28:28Z<p>Devgreg: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [15 Dec 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2.1 Version 1.2.1 Released]<br />
* [20 Sep 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2 Version 1.2.0 Released]<br />
* [19 Dec 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.3 Version 1.1.3 Released]<br />
* [12 Nov 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.2 Version 1.1.2 Released]<br />
* [13 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.1 Version 1.1.1 Released]<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/OWASP/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=236774OWASP DefectDojo Project2018-01-12T22:27:52Z<p>Devgreg: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [15 Dec 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2.1 1.2.1 Released]<br />
* [20 Sep 2017] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.2 1.2.0 Released]<br />
* [19 Dec 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.3 1.1.3 Released]<br />
* [12 Nov 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.2 1.1.2 Released]<br />
* [13 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.1 1.1.1 Released]<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/OWASP/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=236773OWASP DefectDojo Project2018-01-12T22:27:10Z<p>Devgreg: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/OWASP/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=236546OWASP DefectDojo Project2018-01-03T03:26:24Z<p>Devgreg: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=236545OWASP DefectDojo Project2018-01-03T03:25:55Z<p>Devgreg: acknowledgement update</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/docs/getting-started.rst Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
The project is extremely grateful for all of our contributors both prior to becoming open source and after. <br />
[https://github.com/OWASP/django-DefectDojo/graphs/contributors Contributors since going open source].<br />
<br />
==Sponsors==<br />
[[Image:xing_logo.png|link=https://corporate.xing.com/en/about-xing/security/|www.xing.com]<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs></headertabs> <br />
<br />
[[Category:OWASP Project]]<br />
[[Category:OWASP_Builders]]<br />
[[Category:OWASP_Defenders]]<br />
[[Category:OWASP_Tool]]<br />
[[Category:Projects|DefectDojo]]<br />
[[Category:Incubator Projects|DefectDojo]]<br />
[[Category:OWASP DefectDojo|DefectDojo]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_Board_Meetings_January_Agenda&diff=236301OWASP Board Meetings January Agenda2017-12-17T03:42:16Z<p>Devgreg: </p>
<hr />
<div>The purpose of the board meeting is to provide a monthly update of the OWASP Foundation status and direction of the activities going on worldwide. Finance and Committee Reports from Global Committee's are key to the mission of OWASP Foundation<br />
<br />
If you have any questions or would like to contact a board member [https://www.owasp.org/index.php/Contact Contact Us]<br />
<br />
<hr /><br />
<br />
<b> AGENDA </b><br />
<br />
<u>OWASP OPERATIONAL REPORT</u><br />
OWASP Finance Report - Presented by: Alison/Kate<br />
* [https://www.owasp.org/index.php/OWASP_Foundation Finance Report] - [https://www.owasp.org/images/1/17/Balance_Sheet_-_2008.pdf Balance Sheet - 2008]<br />
* [http://www.owasp.org/index.php/Advertising Advertising Report]<br />
<br />
<u>INDIVIDUAL COMMITTEE REPORTS</u><br />
* [https://www.owasp.org/index.php/Global_Membership_Committee Global Membership Committee] Update - Brennan<br />
[http://www.owasp.org/index.php/Membership/members Individual Member] / [http://www.owasp.org/index.php/Membership#Current_OWASP_Members Organizational Supporter]<br />
<br />
* [https://www.owasp.org/index.php/Global_Industry_Committee Global Industry Committee] Update - Brennan<br />
* [https://www.owasp.org/index.php/Global_Conferences_Committee Global Conferences Committee] Update - Dave<br />
* [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Projects Committee] Update - Dinis<br />
* [https://www.owasp.org/index.php/Global_Chapter_Committee Global Chapter Committee] Update - Seba<br />
* [https://www.owasp.org/index.php/Global_Education_Committee Global Education Committee] Update - Seba<br />
<br />
<u>OLD BUSINESS</u><br />
* 60/40 Split Membership Drive<br />
* Banner Ads<br />
* <tbd><br />
<br />
<u>NEW BUSINESS</u><br />
* Board Vote on committee plans - Membership<br />
* Board review of committee nominations - Stephen Craig Evans (membership), Andrzej Targosz (Education)<br />
* OWASP Infrastructure - Summary of events since the last board meeting, Moving forward, Request for upgrades<br />
* Jerry - Kate <br />
<br />
<u> ACTION ITEMS </u><br />
Action Items as a result of this board meeting<br />
1. Membership proposal - APPROVED effective 2/1/2009 to kick off the 60/40 membership split. Proposal review, tweaks to be completed by all board members by Jan 9th. Brennan will update committee page for RFC and finalize the membership page on or before 2/1/2009 and launch to OWASP-ALL<br />
<br />
2 Justin Derry application post to Global Committee, Wayne<br />
3 <br />
4 <br />
5</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_Board_Meetings_January_Agenda&diff=236300OWASP Board Meetings January Agenda2017-12-17T03:39:16Z<p>Devgreg: </p>
<hr />
<div>The purpose of the board meeting is to provide a monthly update of the OWASP Foundation status and direction of the activities going on worldwide. Finance and Committee Reports from Global Committee's are key to the mission of OWASP Foundation<br />
<br />
If you have any questions or would like to contact a board member [https://www.owasp.org/index.php/Contact Contact Us]<br />
<br />
<hr /><br />
<br />
<b> AGENDA </b><br />
<br />
<u>OWASP OPERATIONAL REPORT</u><br />
OWASP Finance Report - Presented by: Alison/Kate<br />
* [https://www.owasp.org/index.php/OWASP_Foundation Finance Report] - [https://www.owasp.org/images/1/17/Balance_Sheet_-_2008.pdf Balance Sheet - 2008]<br />
* [http://www.owasp.org/index.php/Advertising Advertising Report]<br />
<br />
<u>INDIVIDUAL COMMITTEE REPORTS</u><br />
* [https://www.owasp.org/index.php/Global_Membership_Committee Global Membership Committee] Update - Brennan<br />
[http://www.owasp.org/index.php/Membership/members Individual Member] / [http://www.owasp.org/index.php/Membership#Current_OWASP_Members Organizational Supporter]<br />
<br />
* [https://www.owasp.org/index.php/Global_Industry_Committee Global Industry Committee] Update - Brennan<br />
* [https://www.owasp.org/index.php/Global_Conferences_Committee Global Conferences Committee] Update - Dave<br />
* [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Projects Committee] Update - Dinis<br />
* [https://www.owasp.org/index.php/Global_Chapter_Committee Global Chapter Committee] Update - Seba<br />
* [https://www.owasp.org/index.php/Global_Education_Committee Global Education Committee] Update - Seba<br />
<br />
<u>OLD BUSINESS</u><br />
* 60/40 Split Membership Drive<br />
* Banner Ads<br />
* <tbd><br />
<br />
<u>NEW BUSINESS</u><br />
* Board Vote on committee plans - Membership<br />
* Board review of committee nominations - Stephen Craig Evans (membership), Andrzej Targosz (Education)<br />
* OWASP Infrastructure - Summary of events since the last board meeting, Moving forward, Request for upgrades<br />
* Jerry - Kate<br />
* Compliance committee revisions - Greg<br />
* AppSec USA planning update - Greg<br />
* Project vs initiatives and cleaning up the OWASP projects section - Greg <br />
<br />
<u> ACTION ITEMS </u><br />
Action Items as a result of this board meeting<br />
1. Membership proposal - APPROVED effective 2/1/2009 to kick off the 60/40 membership split. Proposal review, tweaks to be completed by all board members by Jan 9th. Brennan will update committee page for RFC and finalize the membership page on or before 2/1/2009 and launch to OWASP-ALL<br />
<br />
2 Justin Derry application post to Global Committee, Wayne<br />
3 <br />
4 <br />
5</div>Devgreghttps://wiki.owasp.org/index.php?title=GSOC2017_Ideas&diff=225910GSOC2017 Ideas2017-02-02T15:52:28Z<p>Devgreg: </p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
* Read the [[GSoC SAT]]<br />
* Check out the suggested projects below<br />
* Contact the mentors and teams of the projects that you are interested in<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
<br />
=== Challenge Pack 2017 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] and [https://github.com/bkimminich/juice-shop/issues/243 Pomace Recycling user stories])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
* Check out the corresponding GitHub milestone for this project: https://github.com/bkimminich/juice-shop/milestone/3<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
=== Tech Stack Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frameworks and modules:<br />
<br />
* AngularJS 1.x with Bootstrap in the client<br />
* Express on top of NodeJS on the server with<br />
** SQLite as a database<br />
** Sequelize as an OR-Mapper<br />
*** sequelize-restful as an automatic API-generator on top of the DB entities<br />
* Jasmine 1.x to specify behavioral tests<br />
** Karma as a test runner for the client-side unit tests<br />
** Frisby.js for API tests on a dynamically launched server<br />
** Protractor for end-to-end testing of the challenge exploits<br />
* NPM for running/testing the application<br />
* Grunt for some of the custom build scripts<br />
<br />
Several of the above frameworks or modules have moved on to new (runtime incompatible) major releases, namely [https://github.com/bkimminich/juice-shop/issues/165 Angular 2], [https://github.com/bkimminich/juice-shop/issues/167 Sequelize], [https://github.com/bkimminich/juice-shop/issues/164 Frisby and Jasmine]. Other modules are out of maintenance entirely, e.g. [https://github.com/bkimminich/juice-shop/issues/167 sequelize-restful].<br />
<br />
Migrating the OWASP Juice Shop to the latest versions of the mentioned frameworks & modules is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
* Check out the corresponding GitHub milestone for this project: https://github.com/bkimminich/juice-shop/milestone/2<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, backend, testing and building (e.g. AngularJS 2.x, Jasmine 2.x, ...)<br />
<br />
'''Mentors:'''<br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
== OWASP Mobile Hacking Playground ==<br />
<br />
The OWASP Mobile Hacking Playground (https://github.com/OWASP/OMTG-Hacking-Playground) is part of the OWASP Mobile universe, which consists at the moment of the following projects: <br />
<br />
* Mobile Application Security Verification (MASVS). The MASVS is a list of security requirements for mobile applications that can be used by architects, developers, testers, security professionals, and consumers to define what a secure mobile application is. (https://github.com/OWASP/owasp-masvs)<br />
* Mobile Security Testing Guide (MSTG). The OWASP MSTG is a comprehensive manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for dynamic and static security tests, and to help ensure completeness and consistency of the tests. (https://github.com/OWASP/owasp-mstg)<br />
<br />
In order to give also practical guidance to developers, security researches and penetration testers of mobile Apps, a hacking playground was created with the goal to create different mobile App’s that contain different vulnerabilities that map to the MSTG test cases. Every test case described in the MSTG will therefore be implemented in an Android and iOS App. This has two advantages:<br />
<br />
* A developer can identify vulnerable code in the provided App’s and can see the implications and risks if such patterns are used and can look for the best practices in the MSTG to mitigate the vulnerabilities.<br />
* Penetration testers / security researchers can identify bad practices, dangerous methods and classes they should look for when assessing a Mobile App and can gain more knowledge through the information provided in the OMTG.<br />
<br />
It is also encouraged to use the App(s) for education purpose during trainings and workshops.<br />
<br />
<br />
=== Creation of Android Code Samples ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
An Android App that maps to the MSTG test cases is already created. This App contains mostly test cases that are related to data storage on an Android device. In order to close the gap to the MSTG more test cases need to be added that show "bad practices" that lead to vulnerabilites, but also the latest security best practices to demonstrate how vulnerabilites can be mitigated. <br />
<br />
For examples of implemented test cases, see the Wiki of the Mobile Hacking Playground: https://github.com/OWASP/OMTG-Hacking-Playground/wiki/Android-App<br />
<br />
<br />
'''Expected Results:'''<br />
<br />
The following categories and their test cases are not fully added to the Android App:<br />
<br />
* Cryptography (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x08-V3-Cryptography_Verification_Requirements.md)<br />
* Authentication and Session Management (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x09-V4-Authentication_and_Session_Management%20Requirements.md)<br />
* Network Communication (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x10-V5-Network_communication_requirements.md)<br />
* Environmental Interaction (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x11-V6-Interaction_with_the_environment.md)<br />
* Code Quality (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x12-V7-Code_quality_and_build_setting_requirements.md)<br />
<br />
For some of the testcases this also includes creating an endpoint on server side in order to fully understand the test case and possible security concerns.<br />
<br />
As not all missing test cases can be implemented during the GSOC a subset of them will be defined with the student together. <br />
<br />
<br />
<br />
''' Getting started: '''<br />
Here are a few suggestion on how to get started.<br />
* Check the Mobile Hacking Playground Android App, browse through the code and Wiki to get an understanding of what a test case look likes. <br />
* Browse through the MASVS and check the different areas and their defined requirements.<br />
* Read about Security vulnerabilites and best practices for Android in areas you are interested in (e.g. Cryptography).<br />
<br />
'''Knowledge Prerequisites:'''<br />
General interest in Mobile and Security. Basic knowledge of Android and Java.<br />
<br />
<br />
'''Mentors:''' [mailto:sven.schleier@owasp.org Sven Schleier] - OWASP Mobile Security Testing Guide and Mobile Hacking Playground Project Leader<br />
<br />
== OWASP ZAP ==<br />
<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
<br />
=== Field Enumeration ===<br />
:<br />
:This would allow a user to iterate though a set of (user defined) characters in order to identify the ones that are filtered out and/or escaped.<br />
:<br />
:The user should be able to define the character sets to test and will probably need to configure the success and failure conditions, as well as valid values for other fields in the form.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* User able to specify a specific field to enumerate via the ZAP UI<br />
:* A list of all valid characters to be returned from the sets of characters the user specifies<br />
:* Ability to configure a wide range of success and failure conditions to cope with as many possible situations as possible<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:''' Mentors '''<br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
:<br />
<br />
=== Scripting Code Completion ===<br />
:<br />
:ZAP provides a very powerful scripting interface. Unfortunately to use it effectively is only really possible with a good knowledge of the ZAP internals. Adding code completion (eg using a project like https://github.com/bobbylight/AutoComplete) would significantly help users.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Code completion for all of the parameters for all available functions in the standard scripts<br />
:* Implementations for JavaScript, JRuby and Jython<br />
:* Helper classes with code completion for commonly required functionality<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== SSRF Detector Integration ===<br />
:<br />
:Currently ZAP does not detect SSRF vulnerabilities, due to the lack of this sort of service. https://ssrfdetector.com/ is an online service for detecting Server Side Request Forgery vulnerabilities (SSRF). It is developed and maintained by Jake Reynolds and is open source https://github.com/jacobreynolds/ssrfdetector<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Extend ZAP to detect SSRF vulnerabilities and interact with other services such as outlined above.<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Support Java as a Scripting Language ===<br />
:<br />
:It would be very useful to support Java in addition to the JSR223 scripting languages within the ZAP script console'.<br />
:<br />
:It should be possible to provide much better auto complete support than will be possible with dynamically typed scripting languages.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* The ability to run Java code in the ZAP Script Console to the same leval as other supported scripting languages<br />
:* Templates for all of the current script types<br />
:* Optionally auto complete supported<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Bamboo Support ===<br />
:<br />
:ZAP already has an official plugin for Jenkins (https://wiki.jenkins-ci.org/display/JENKINS/zap+plugin). <br />
:<br />
:It would be great if we also had similar integration for Bamboo (https://www.atlassian.com/software/bamboo, https://en.wikipedia.org/wiki/Bamboo_(software))<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Facilitate the invocation and configuration of various ZAP functionalities from Bamboo CI. Including (but not limited to):<br />
::*Manage Sessions (Loading/Persisting)<br />
::*Define Context (Name, Include & Exclude URLs)<br />
::* Attack Contexts (Spider, Ajax Spider, Active Scan)<br />
::* Setup Autentication (Formed or Script Based)<br />
::* Generate Reports<br />
:* Templates for all of the current script types<br />
:* Optionally auto complete supported<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of CI/CD/Bamboo would be useful.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning.<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:''' Getting started '''<br />
:* Get in touch with us :)<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
:<br />
<br />
== BLT / Bugheist ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
Bugheist lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
''' Getting started '''<br />
* Get in touch with us :)<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes Bugheist even better<br />
<br />
<br />
'''Knowledge Prerequisites:'''<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:''' <br />
[https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] and the rest of the BLT Core Team<br />
<br />
<br />
<br />
== OWASP Security Knowledge framework ==<br />
<br />
===Brief Explanation===<br />
The OWASP Security Knowledge Framework is intended to be a tool that is used as a guide for building and verifying secure software. It can also be used to train developers about application security. Education is the first step in the Secure Software Development Lifecycle. This software can be run on Windows/Linux/OSX using python-flask.<br />
<br />
'''In a nutshell''' <br />
<br />
- Training developers in writing secure code<br />
<br />
- Security support pre-development ( Security by design, early feedback of possible security issues )<br />
<br />
- Security support post-development ( Double check your code by means of the OWASP ASVS checklists )<br />
<br />
- Code examples for secure coding<br />
<br />
===Your idea / Getting started===<br />
* Please send an email to riccardo.ten.cate@owasp.org [riccardo.ten.cate@owasp.org] or glenn.ten.cate@owasp.org [glenn.ten.cate@owasp.org] and we would love to tell you all about it! :-)<br />
<br />
===Expected Results===<br />
* Adding features to SKF project<br />
* Adding more function examples to pre-development phase<br />
* Adding/updating code examples ( PHP, Java, .NET, Go, Python, NodeJS and more )<br />
* Adding/updating Knowledgebase items<br />
* Adding CWE references to knowledgebase items<br />
* Adding low/medium level verification testing guides for developers to teach how to manually verify the existence of injection/logic flaws. (pen-testing)<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* For helping in the development of new features and functions Python flask would come in handy since the framework is written in python flask.<br />
* For writing knowledgebase items only technical knowledge of application security is required<br />
* For writing / updating code examples you need to know a programming language along with secure development.<br />
* For writing the verification guide you need some penetration testing experience. <br />
<br />
'''Mentors:''' <br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org]<br />
Glenn ten Cate [mailto:glenn.ten.cate@owasp.org]<br />
<br />
== OWASP ZSC ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python<br />
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project<br />
<br />
''' Getting started '''<br />
* Get in touch with us on Github:<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
Project Leaders:<br />
*https://www.owasp.org/index.php/User:Ali_Razmjoo<br />
*https://www.owasp.org/index.php/User:Johanna_Curiel<br />
<br />
'''Expected Results:'''<br />
We have a list of potential modules we want to build<br />
To get familiar with the project, please check our installation and developer guidelines:<br />
https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details<br />
<br />
Contact us through Github, send us a question:<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
* New obfuscation modules<br />
* New shellcodes for OSX and Windows <br />
<br />
<br />
'''Knowledge Prerequisites:'''<br />
OWASP ZSC is written in Python, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:''' <br />
Brian Beaudry & Patrik Patel<br />
Please contact us through Github<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
<br />
<br />
== OWASP Seraphimdroid mobile security project ==<br />
<br />
<br />
=== Behavioral malware and intrusion analysis ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
[[OWASP_SeraphimDroid_Project|OWASP Seraphimdroid]] is an Android mobile app which already has a capability to statically analyze malware using machine learning (weka toolkit) relying on permissions. However, this is usually not enough and we intend to improve this with behavioral analysis. There are a number of paper in scientific literature describing how to detect malware and intrusions by dynamically analyzing its behavior (system calls, battery consumption, etc.). The idea of this project is to find the best approach that can be implemented on the device and implement it.<br />
<br />
'''Expected Results:'''<br />
<br />
* Reviewing scientific literature and find feasible approach we can take<br />
* Implement and possibly improve the approach in Seraphimdroid<br />
* Test the model and provide controls to switch algorithm on or off and possibly fine tune it<br />
* Documenting approach as a technical report<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Java<br />
* Android<br />
* CSV, XML<br />
* Basic knowledge and interest in machine learning<br />
<br />
'''Mentors:''' <br />
* [[User:Nikola_Milosevic|Nikola Milosevic]] - OWASP Seraphimdroid Project Leader<br />
<br />
=== Framework for plugin development ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
[[OWASP_SeraphimDroid_Project|OWASP Seraphimdroid]] is well rounded security and privacy app, however, it lacks some components community can provide. We would like to provide community the way to develop plugins that can add features to OWASP Seraphimdroid app. However, the way of integrating external components into Android app may be challenge. The way of presenting GUI and integration between processes need to be examined and developed. <br />
<br />
'''Expected Results:'''<br />
<br />
* Examining the way of integrating third party apps through some provided API to OWASP Seraphimdroid<br />
* Providing GUI integration with third party components<br />
* Develop at least one test plugin<br />
* Document the development process and API<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Java<br />
* Android<br />
* CSV, XML<br />
<br />
'''Mentors:''' <br />
* [[User:Nikola_Milosevic|Nikola Milosevic]] - OWASP Seraphimdroid Project Leader<br />
<br />
== OWASP DefectDojo ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
DefectDojo is a security automation and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers.<br />
<br />
'''Expected Results:'''<br />
<br />
* Multiple opportunities for students to get involved with DefectDojo ranging in difficulty from easy to advanced<br />
* Students will receive hands-on experience in a full-stack software development project<br />
* Students will have the opportunity to work on a project with multiple moving parts and third-party interactions<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Python<br />
* HTML, Bootstrap<br />
<br />
''' Getting started: '''<br />
* We have a [http://defectdojo.readthedocs.io/en/latest/ Read the Docs Site]<br />
<br />
<br />
'''Mentors:''' <br />
* [[User:devgreg|Greg Anderson]] - OWASP DefectDojo Project Leader</div>Devgreghttps://wiki.owasp.org/index.php?title=GSOC2017_Ideas&diff=225909GSOC2017 Ideas2017-02-02T15:51:20Z<p>Devgreg: </p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
* Read the [[GSoC SAT]]<br />
* Check out the suggested projects below<br />
* Contact the mentors and teams of the projects that you are interested in<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
<br />
=== Challenge Pack 2017 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] and [https://github.com/bkimminich/juice-shop/issues/243 Pomace Recycling user stories])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
* Check out the corresponding GitHub milestone for this project: https://github.com/bkimminich/juice-shop/milestone/3<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
=== Tech Stack Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frameworks and modules:<br />
<br />
* AngularJS 1.x with Bootstrap in the client<br />
* Express on top of NodeJS on the server with<br />
** SQLite as a database<br />
** Sequelize as an OR-Mapper<br />
*** sequelize-restful as an automatic API-generator on top of the DB entities<br />
* Jasmine 1.x to specify behavioral tests<br />
** Karma as a test runner for the client-side unit tests<br />
** Frisby.js for API tests on a dynamically launched server<br />
** Protractor for end-to-end testing of the challenge exploits<br />
* NPM for running/testing the application<br />
* Grunt for some of the custom build scripts<br />
<br />
Several of the above frameworks or modules have moved on to new (runtime incompatible) major releases, namely [https://github.com/bkimminich/juice-shop/issues/165 Angular 2], [https://github.com/bkimminich/juice-shop/issues/167 Sequelize], [https://github.com/bkimminich/juice-shop/issues/164 Frisby and Jasmine]. Other modules are out of maintenance entirely, e.g. [https://github.com/bkimminich/juice-shop/issues/167 sequelize-restful].<br />
<br />
Migrating the OWASP Juice Shop to the latest versions of the mentioned frameworks & modules is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
* Check out the corresponding GitHub milestone for this project: https://github.com/bkimminich/juice-shop/milestone/2<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, backend, testing and building (e.g. AngularJS 2.x, Jasmine 2.x, ...)<br />
<br />
'''Mentors:'''<br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich] - OWASP Juice Shop Project Leader<br />
<br />
== OWASP Mobile Hacking Playground ==<br />
<br />
The OWASP Mobile Hacking Playground (https://github.com/OWASP/OMTG-Hacking-Playground) is part of the OWASP Mobile universe, which consists at the moment of the following projects: <br />
<br />
* Mobile Application Security Verification (MASVS). The MASVS is a list of security requirements for mobile applications that can be used by architects, developers, testers, security professionals, and consumers to define what a secure mobile application is. (https://github.com/OWASP/owasp-masvs)<br />
* Mobile Security Testing Guide (MSTG). The OWASP MSTG is a comprehensive manual for testing the security of mobile apps. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). The MSTG is meant to provide a baseline set of test cases for dynamic and static security tests, and to help ensure completeness and consistency of the tests. (https://github.com/OWASP/owasp-mstg)<br />
<br />
In order to give also practical guidance to developers, security researches and penetration testers of mobile Apps, a hacking playground was created with the goal to create different mobile App’s that contain different vulnerabilities that map to the MSTG test cases. Every test case described in the MSTG will therefore be implemented in an Android and iOS App. This has two advantages:<br />
<br />
* A developer can identify vulnerable code in the provided App’s and can see the implications and risks if such patterns are used and can look for the best practices in the MSTG to mitigate the vulnerabilities.<br />
* Penetration testers / security researchers can identify bad practices, dangerous methods and classes they should look for when assessing a Mobile App and can gain more knowledge through the information provided in the OMTG.<br />
<br />
It is also encouraged to use the App(s) for education purpose during trainings and workshops.<br />
<br />
<br />
=== Creation of Android Code Samples ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
An Android App that maps to the MSTG test cases is already created. This App contains mostly test cases that are related to data storage on an Android device. In order to close the gap to the MSTG more test cases need to be added that show "bad practices" that lead to vulnerabilites, but also the latest security best practices to demonstrate how vulnerabilites can be mitigated. <br />
<br />
For examples of implemented test cases, see the Wiki of the Mobile Hacking Playground: https://github.com/OWASP/OMTG-Hacking-Playground/wiki/Android-App<br />
<br />
<br />
'''Expected Results:'''<br />
<br />
The following categories and their test cases are not fully added to the Android App:<br />
<br />
* Cryptography (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x08-V3-Cryptography_Verification_Requirements.md)<br />
* Authentication and Session Management (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x09-V4-Authentication_and_Session_Management%20Requirements.md)<br />
* Network Communication (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x10-V5-Network_communication_requirements.md)<br />
* Environmental Interaction (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x11-V6-Interaction_with_the_environment.md)<br />
* Code Quality (https://github.com/OWASP/owasp-masvs/blob/master/Document/0x12-V7-Code_quality_and_build_setting_requirements.md)<br />
<br />
For some of the testcases this also includes creating an endpoint on server side in order to fully understand the test case and possible security concerns.<br />
<br />
As not all missing test cases can be implemented during the GSOC a subset of them will be defined with the student together. <br />
<br />
<br />
<br />
''' Getting started: '''<br />
Here are a few suggestion on how to get started.<br />
* Check the Mobile Hacking Playground Android App, browse through the code and Wiki to get an understanding of what a test case look likes. <br />
* Browse through the MASVS and check the different areas and their defined requirements.<br />
* Read about Security vulnerabilites and best practices for Android in areas you are interested in (e.g. Cryptography).<br />
<br />
'''Knowledge Prerequisites:'''<br />
General interest in Mobile and Security. Basic knowledge of Android and Java.<br />
<br />
<br />
'''Mentors:''' [mailto:sven.schleier@owasp.org Sven Schleier] - OWASP Mobile Security Testing Guide and Mobile Hacking Playground Project Leader<br />
<br />
== OWASP ZAP ==<br />
<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
<br />
=== Field Enumeration ===<br />
:<br />
:This would allow a user to iterate though a set of (user defined) characters in order to identify the ones that are filtered out and/or escaped.<br />
:<br />
:The user should be able to define the character sets to test and will probably need to configure the success and failure conditions, as well as valid values for other fields in the form.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* User able to specify a specific field to enumerate via the ZAP UI<br />
:* A list of all valid characters to be returned from the sets of characters the user specifies<br />
:* Ability to configure a wide range of success and failure conditions to cope with as many possible situations as possible<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:''' Mentors '''<br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
:<br />
<br />
=== Scripting Code Completion ===<br />
:<br />
:ZAP provides a very powerful scripting interface. Unfortunately to use it effectively is only really possible with a good knowledge of the ZAP internals. Adding code completion (eg using a project like https://github.com/bobbylight/AutoComplete) would significantly help users.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Code completion for all of the parameters for all available functions in the standard scripts<br />
:* Implementations for JavaScript, JRuby and Jython<br />
:* Helper classes with code completion for commonly required functionality<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== SSRF Detector Integration ===<br />
:<br />
:Currently ZAP does not detect SSRF vulnerabilities, due to the lack of this sort of service. https://ssrfdetector.com/ is an online service for detecting Server Side Request Forgery vulnerabilities (SSRF). It is developed and maintained by Jake Reynolds and is open source https://github.com/jacobreynolds/ssrfdetector<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Extend ZAP to detect SSRF vulnerabilities and interact with other services such as outlined above.<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Support Java as a Scripting Language ===<br />
:<br />
:It would be very useful to support Java in addition to the JSR223 scripting languages within the ZAP script console'.<br />
:<br />
:It should be possible to provide much better auto complete support than will be possible with dynamically typed scripting languages.<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* The ability to run Java code in the ZAP Script Console to the same leval as other supported scripting languages<br />
:* Templates for all of the current script types<br />
:* Optionally auto complete supported<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Bamboo Support ===<br />
:<br />
:ZAP already has an official plugin for Jenkins (https://wiki.jenkins-ci.org/display/JENKINS/zap+plugin). <br />
:<br />
:It would be great if we also had similar integration for Bamboo (https://www.atlassian.com/software/bamboo, https://en.wikipedia.org/wiki/Bamboo_(software))<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Facilitate the invocation and configuration of various ZAP functionalities from Bamboo CI. Including (but not limited to):<br />
::*Manage Sessions (Loading/Persisting)<br />
::*Define Context (Name, Include & Exclude URLs)<br />
::* Attack Contexts (Spider, Ajax Spider, Active Scan)<br />
::* Setup Autentication (Formed or Script Based)<br />
::* Generate Reports<br />
:* Templates for all of the current script types<br />
:* Optionally auto complete supported<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of CI/CD/Bamboo would be useful.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning.<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:''' Getting started '''<br />
:* Get in touch with us :)<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
:<br />
:'''Mentors:''' <br />
:[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
:<br />
<br />
== BLT / Bugheist ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
Bugheist lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
''' Getting started '''<br />
* Get in touch with us :)<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes Bugheist even better<br />
<br />
<br />
'''Knowledge Prerequisites:'''<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:''' <br />
[https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] and the rest of the BLT Core Team<br />
<br />
<br />
<br />
== OWASP Security Knowledge framework ==<br />
<br />
===Brief Explanation===<br />
The OWASP Security Knowledge Framework is intended to be a tool that is used as a guide for building and verifying secure software. It can also be used to train developers about application security. Education is the first step in the Secure Software Development Lifecycle. This software can be run on Windows/Linux/OSX using python-flask.<br />
<br />
'''In a nutshell''' <br />
<br />
- Training developers in writing secure code<br />
<br />
- Security support pre-development ( Security by design, early feedback of possible security issues )<br />
<br />
- Security support post-development ( Double check your code by means of the OWASP ASVS checklists )<br />
<br />
- Code examples for secure coding<br />
<br />
===Your idea / Getting started===<br />
* Please send an email to riccardo.ten.cate@owasp.org [riccardo.ten.cate@owasp.org] or glenn.ten.cate@owasp.org [glenn.ten.cate@owasp.org] and we would love to tell you all about it! :-)<br />
<br />
===Expected Results===<br />
* Adding features to SKF project<br />
* Adding more function examples to pre-development phase<br />
* Adding/updating code examples ( PHP, Java, .NET, Go, Python, NodeJS and more )<br />
* Adding/updating Knowledgebase items<br />
* Adding CWE references to knowledgebase items<br />
* Adding low/medium level verification testing guides for developers to teach how to manually verify the existence of injection/logic flaws. (pen-testing)<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* For helping in the development of new features and functions Python flask would come in handy since the framework is written in python flask.<br />
* For writing knowledgebase items only technical knowledge of application security is required<br />
* For writing / updating code examples you need to know a programming language along with secure development.<br />
* For writing the verification guide you need some penetration testing experience. <br />
<br />
'''Mentors:''' <br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org]<br />
Glenn ten Cate [mailto:glenn.ten.cate@owasp.org]<br />
<br />
== OWASP ZSC ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python<br />
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project<br />
<br />
''' Getting started '''<br />
* Get in touch with us on Github:<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
Project Leaders:<br />
*https://www.owasp.org/index.php/User:Ali_Razmjoo<br />
*https://www.owasp.org/index.php/User:Johanna_Curiel<br />
<br />
'''Expected Results:'''<br />
We have a list of potential modules we want to build<br />
To get familiar with the project, please check our installation and developer guidelines:<br />
https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details<br />
<br />
Contact us through Github, send us a question:<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
* New obfuscation modules<br />
* New shellcodes for OSX and Windows <br />
<br />
<br />
'''Knowledge Prerequisites:'''<br />
OWASP ZSC is written in Python, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:''' <br />
Brian Beaudry & Patrik Patel<br />
Please contact us through Github<br />
https://github.com/zscproject/OWASP-ZSC<br />
<br />
<br />
<br />
== OWASP Seraphimdroid mobile security project ==<br />
<br />
<br />
=== Behavioral malware and intrusion analysis ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
[[OWASP_SeraphimDroid_Project|OWASP Seraphimdroid]] is an Android mobile app which already has a capability to statically analyze malware using machine learning (weka toolkit) relying on permissions. However, this is usually not enough and we intend to improve this with behavioral analysis. There are a number of paper in scientific literature describing how to detect malware and intrusions by dynamically analyzing its behavior (system calls, battery consumption, etc.). The idea of this project is to find the best approach that can be implemented on the device and implement it.<br />
<br />
'''Expected Results:'''<br />
<br />
* Reviewing scientific literature and find feasible approach we can take<br />
* Implement and possibly improve the approach in Seraphimdroid<br />
* Test the model and provide controls to switch algorithm on or off and possibly fine tune it<br />
* Documenting approach as a technical report<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Java<br />
* Android<br />
* CSV, XML<br />
* Basic knowledge and interest in machine learning<br />
<br />
'''Mentors:''' <br />
* [[User:Nikola_Milosevic|Nikola Milosevic]] - OWASP Seraphimdroid Project Leader<br />
<br />
=== Framework for plugin development ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
[[OWASP_SeraphimDroid_Project|OWASP Seraphimdroid]] is well rounded security and privacy app, however, it lacks some components community can provide. We would like to provide community the way to develop plugins that can add features to OWASP Seraphimdroid app. However, the way of integrating external components into Android app may be challenge. The way of presenting GUI and integration between processes need to be examined and developed. <br />
<br />
'''Expected Results:'''<br />
<br />
* Examining the way of integrating third party apps through some provided API to OWASP Seraphimdroid<br />
* Providing GUI integration with third party components<br />
* Develop at least one test plugin<br />
* Document the development process and API<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Java<br />
* Android<br />
* CSV, XML<br />
<br />
'''Mentors:''' <br />
* [[User:Nikola_Milosevic|Nikola Milosevic]] - OWASP Seraphimdroid Project Leader<br />
<br />
== OWASP DefectDojo ==<br />
<br />
'''Brief Explanation:'''<br />
<br />
DefectDojo is a security automation and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers.<br />
<br />
'''Expected Results:'''<br />
<br />
* Multiple opportunities for students to get involved with DefectDojo ranging in difficulty from easy to advanced<br />
* Students will receive hands-on experience in a full-stack security project<br />
* Students will have the opportunity to work on a project with multiple moving parts and third-party interactions.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Python<br />
* HTML, Bootstrap<br />
<br />
''' Getting started: '''<br />
* We have a [http://defectdojo.readthedocs.io/en/latest/ Read the Docs Site]<br />
<br />
<br />
'''Mentors:''' <br />
* [[User:devgreg|Greg Anderson]] - OWASP DefectDojo Project Leader</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=222404OWASP DefectDojo Project2016-10-13T19:55:12Z<p>Devgreg: /* News and Events */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
* [1 Oct 2016] [https://github.com/OWASP/django-DefectDojo/releases/tag/1.1.0 Version 1.1.0 Released]<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=Projects/OWASP_DefectDojo/Releases/Current&diff=222403Projects/OWASP DefectDojo/Releases/Current2016-10-13T19:53:16Z<p>Devgreg: </p>
<hr />
<div>1.1.0</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215820OWASP DefectDojo Project2016-04-22T02:37:32Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215819OWASP DefectDojo Project2016-04-22T02:37:11Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo1.png|400px]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=File:Dojo1.png&diff=215818File:Dojo1.png2016-04-22T02:36:38Z<p>Devgreg: Devgreg uploaded a new version of &quot;File:Dojo1.png&quot;</p>
<hr />
<div></div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215817OWASP DefectDojo Project2016-04-22T02:36:18Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo1.png]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215816OWASP DefectDojo Project2016-04-22T02:35:50Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo1.png|800px]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215815OWASP DefectDojo Project2016-04-22T02:35:11Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo1.png|400px]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=File:Dojo1.png&diff=215814File:Dojo1.png2016-04-22T02:34:20Z<p>Devgreg: Devgreg uploaded a new version of &quot;File:Dojo1.png&quot;</p>
<hr />
<div></div>Devgreghttps://wiki.owasp.org/index.php?title=File:Dojo1.png&diff=215813File:Dojo1.png2016-04-22T02:32:15Z<p>Devgreg: Devgreg uploaded a new version of &quot;File:Dojo1.png&quot;</p>
<hr />
<div></div>Devgreghttps://wiki.owasp.org/index.php?title=File:Dojo1.png&diff=215812File:Dojo1.png2016-04-22T02:30:38Z<p>Devgreg: Devgreg uploaded a new version of &quot;File:Dojo1.png&quot;</p>
<hr />
<div></div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215811OWASP DefectDojo Project2016-04-22T02:28:30Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo1.png]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=215810OWASP DefectDojo Project2016-04-22T02:28:12Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
[[File:dojo.png]]<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=File:Dojo1.png&diff=215809File:Dojo1.png2016-04-22T02:26:55Z<p>Devgreg: </p>
<hr />
<div></div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212821OWASP DefectDojo Project2016-04-09T21:17:37Z<p>Devgreg: /* Contributors */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
[mailto:charles.neill@owasp.org Charles Neill]<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz][mailto:jay.paz@owasp.org @]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson - Greg wrote the original code base with Charles Neill<br />
* Charles Neill - Charles wrote the original code base with Greg Anderson.<br />
* Jay Paz - Jay added a multitude of functionalities / UI enhancements, that has made Dojo production ready.<br />
* Michael Dong - Michael dong contributed to the baseline self-service tools.<br />
*Fatimah Zohra - Fatimah also contributed to the baseline self-service tools.<br />
* Aarron Weaver - Added CheckMarx support.<br />
* Yaakov Saxon - Fixed ZAP and CWE parsing.<br />
* Matt Valdes - Fixed an issue with the Ansible install.<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212202OWASP DefectDojo Project2016-03-31T13:12:42Z<p>Devgreg: /* Testing */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer any help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212201OWASP DefectDojo Project2016-03-31T13:11:04Z<p>Devgreg: /* Testing */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212200OWASP DefectDojo Project2016-03-31T13:09:59Z<p>Devgreg: /* Road Map and Getting Involved */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively work on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212199OWASP DefectDojo Project2016-03-31T13:07:38Z<p>Devgreg: /* How can I participate in your project? */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212198OWASP DefectDojo Project2016-03-31T13:03:05Z<p>Devgreg: /* Description */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. A complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212197OWASP DefectDojo Project2016-03-31T12:58:40Z<p>Devgreg: /* OWASP DefectDojo Tool Project */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to make optimizing vulnerability tracking less painful. The top goal of DefectDojo is to reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo accomplishes this by offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212183OWASP DefectDojo Project2016-03-31T02:30:43Z<p>Devgreg: /* Feedback */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212182OWASP DefectDojo Project2016-03-31T02:29:23Z<p>Devgreg: /* Feedback */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [TBD DefectDojo project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212181OWASP DefectDojo Project2016-03-31T02:28:47Z<p>Devgreg: /* Localization */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>DefectDojo</strong> into that language?<br />
<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212180OWASP DefectDojo Project2016-03-31T02:28:13Z<p>Devgreg: /* Road Map and Getting Involved */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of March, 2016, the highest priorities for the next 6 months are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212179OWASP DefectDojo Project2016-03-31T02:26:18Z<p>Devgreg: /* Project About */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of <strong>March, 2016, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212178OWASP DefectDojo Project2016-03-31T02:25:32Z<p>Devgreg: /* Licensing */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md BSD Simplified License].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of <strong>March, 2016, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md Simplified BSD]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212177OWASP DefectDojo Project2016-03-31T02:19:17Z<p>Devgreg: /* Road Map and Getting Involved */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the simplified BSD license found [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md here].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of <strong>March, 2016, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add:<br />
<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md Simplified BSD]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreghttps://wiki.owasp.org/index.php?title=OWASP_DefectDojo_Project&diff=212176OWASP DefectDojo Project2016-03-31T02:18:52Z<p>Devgreg: /* Road Map and Getting Involved */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
==OWASP DefectDojo Tool Project ==<br />
An open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools.<br />
<br />
DefectDojo is a tracking tool written in Python / Django. DefectDojo was created in 2013 and open-sourced on March 13th, 2015. The project was started to optimize vulnerability tracking and make it less painful. The top goal of DefectDojo is reduce the amount of time security professionals spend logging vulnerabilities. DefectDojo tries to accomplish this be offering a templating system for vulnerabilities, imports for common vulnerability scanners, report generation, and metrics.<br />
<br />
==Description==<br />
DefectDojo streamlines the testing process through several 'models' that an admin can manipulate with Python code. The core models include: 'engagements', 'tests' and 'findings'. DefectDojo has supplemental models that facilitate metrics, authentication, report generation, and tools. DefectDojo is written in Python 2.7 with Django 1.8.<br />
<br />
Testing or installing DefectDojo is easy. There is a live demo for interested parties to try Dojo [https://github.com/rackerlabs/django-DefectDojo#demo here]. If you decide to setup an instance of Dojo for your organization, we have developed a script that handles all dependencies, configures the database, and creates a super user. Complete installation instructions are found [https://github.com/rackerlabs/django-DefectDojo#installation here]. An complete walk-through can be found [http://defectdojo.readthedocs.org/en/latest/ here]. Documented example workflows can be found [https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/workflows.md].<br />
<br />
==Licensing==<br />
DefectDojo is licensed under the simplified BSD license found [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md here].<br />
<br />
== Project Resources ==<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo#demo Live Demo]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo Source Code]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/blob/master/doc/getting_started.md Getting Started Guide]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/releases What's New ]<br />
<br />
[https://github.com/rackerlabs/django-DefectDojo/issues Issue Tracker]<br />
<br />
== Project Leaders ==<br />
[https://www.owasp.org/index.php/User:Devgreg Greg Anderson] [mailto:greg.anderson@owasp.org @]<br />
<br />
Charles Neill<br />
<br />
[https://www.owasp.org/index.php/User:Grendel Jay Paz]<br />
<br />
== Related Projects ==<br />
<br />
* [https://www.owasp.org/index.php/OWASP_AppSec_Pipeline OWASP AppSec Pipeline]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Code]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
|}<br />
<br />
== News and Events ==<br />
<br />
* [22 Dec 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.5 Version 1.0.5 Released]<br />
* [08 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.4 Version 1.0.4 Released]<br />
* [27 Jul 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.3 Version 1.0.3 Released]<br />
* [16 Jun 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.2 Version 1.0.2 Released]<br />
* [30 Sep 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0.1 Version 1.0.1 Released]<br />
* [02 Apr 2015] [https://github.com/rackerlabs/django-DefectDojo/releases/tag/v1.0 Version 1.0.0 Released]<br />
* [15 Mar 2015] [https://github.com/rackerlabs/django-DefectDojo DefectDojo is open-sourced]<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
==How can I participate in your project?==<br />
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If you are a programmer and wish to contribute code, we regularly review [https://github.com/rackerlabs/django-DefectDojo/pulls pull requests].<br />
<br />
==If I am not a programmer can I participate in your project?==<br />
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for people to help translate our documentation. See the Road Map and Getting Involved tab for more details.<br />
<br />
= Acknowledgements =<br />
==Contributors==<br />
<br />
<br />
<br />
* Greg Anderson<br />
* Charles Neill<br />
* Jay Paz<br />
* Michael Dong<br />
*Fatimah Zohra<br />
<br />
= Road Map and Getting Involved =<br />
At this time, Dojo is already being used by multiple large enterprises, but there is still many aspects we want to enhance and improve. Part of our next steps is to better evangelize our work and encourage others to contribute. However, we do have a set of core contributors that actively works on the project. Feature-wise, we hope to push a proof of concept plugin that will aid in retesting automation.<br />
<br />
<br />
<br />
==Roadmap==<br />
As of <strong>March, 2016, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* A proof of concept plugin that will aid in retesting automation<br />
* JIRA Integration<br />
* Dynamic Application Tagging.<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* CI / CD for pull requests<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Involvement in the development and promotion of <strong>DefectDojo</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
===Coding===<br />
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests<br />
===Localization===<br />
Are you fluent in another language? Can you help translate the text strings in the <strong>Tool Project Template</strong> into that language?<br />
===Testing===<br />
Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.<br />
===Feedback===<br />
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Tool_Project_Template Tool Project Template project mailing list] for feedback about:<br />
<ul><br />
<li>What do like?</li><br />
<li>What don't you like?</li><br />
<li>What features would you like to see prioritized on the roadmap?</li><br />
</ul><br />
<br />
=Project About=<br />
<br />
<br />
{{Template:Project About<br />
| project_name =OWASP DefectDojo<br />
| project_description =OWASP DefectDojo is an open source vulnerability management tool that streamlines the testing process by offering templating, report generation, metrics, and baseline self-service tools. <br />
| project_license = [https://github.com/rackerlabs/django-DefectDojo/blob/master/LICENSE.md Simplified BSD]<br />
| leader_name1=Greg Anderson<br />
| leader_email1=greg.anderson@owasp.org<br />
| leader_username1=devgreg<br />
| leader_name2=Charles Neill<br />
| leader_email2=charles.neill@owasp.org<br />
| leader_username2=N/A<br />
| leader_name3=Jay Paz<br />
| leader_email3= N/A<br />
| leader_username3=grendel<br />
}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Devgreg