https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Jing+XieOWASP - User contributions [en]2026-04-27T19:44:39ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=205052User:Jing Xie2015-12-11T17:31:33Z<p>Jing Xie: </p>
<hr />
<div>[https://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie] is Staff Resarch Scientist at [https://www.fireeye.com/ FireEye Labs] with a focus on mobile malware and vulnerability research. Prior, she was a mobile malware researcher at [https://www.lookout.com/ Lookout] for 3 years. She has a Ph.D. in software security from [http://cci.uncc.edu/ The University of North Carolina at Charlotte]. She was the lead contributor of [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE project] .</div>Jing Xiehttps://wiki.owasp.org/index.php?title=Projects/OWASP_ASIDE_Project&diff=205051Projects/OWASP ASIDE Project2015-12-11T17:27:56Z<p>Jing Xie: /* Research Activities */</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP ASIDE/ESIDE==<br />
OWASP ASIDE/ESIDE project consist of two branches, the ASIDE branch that focuses on detecting software vulnerabilities and helping developer write secure code, and the ESIDE branch that focuses on help educating students secure programming knowledge and practices. Details about ESIDE are described [[https://www.owasp.org/index.php/Projects/OWASP_ASIDE_Project#Education_branch_of_ASIDE:_ESIDE here]].<br />
<br />
OWASP ASIDE is led by [[http://www.linkedin.com/in/junzhu1 Jun Zhu]] and [[User: Bill Chu|Bill Chu]]. Other major contributors include [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]], [http://hci.uncc.edu/~richter Heather Richter Lipford], [http://www.tylerthomaswebsite.net Tyler Thomas], [https://www.linkedin.com/in/mahmoudmo Mahmoud Mohammadi], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
We have presented our talk [http://vimeo.com/54121249 Using Interactive Static Analysis for Early Detection of Software Vulnerabilities] at [http://www.appsecusa.org/ AppSec USA 2012]. You can view and download our [http://webpages.uncc.edu/~jzhu16/InteractiveStaticAnalysis.pdf presentation] here.<br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br/><br />
<br/><br />
<br />
==Introduction==<br />
<br />
'''ASIDE''' is an abbreviation for '''Application Security plugin for Integrated Development Environment'''. It is an Eclipse Plugin which is a software tool primarily designed to help developers write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs.<br />
<br />
==Description==<br />
<br />
ASIDE currently has three prototype implementations: [http://www.youtube.com/watch?v=VjzlpccMjTM ASIDE CodeRefactoring for Education], ASIDE CodeAnnotate which consists of two implementations, [http://www.youtube.com/watch?v=hyAO8WztiMc ASIDE JavaCodeAnnotate] and ASIDE PHPCodeAnnotate. <br />
<br />
ASIDE CodeRefactoring for Education is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation, and provide interactive code refactoring support for students and professional developers to learn secure programming practices and write more secure code. <br />
<br />
ASIDE CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code. <br />
<br />
An older version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO] shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.<br />
<br />
==Research Activities==<br />
1. [https://www.linkedin.com/in/mahmoudmohamadi/ Mahmoud Mohammadi], [[User:Bill Chu|Bill Chu]] and [http://hci.uncc.edu/~richter/ Heather Richter Lipford], “POSTER : Using Unit Testing to Detect Sanitization Flaws,” in CCS’15: The 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, Denver, USA<br />
<br />
2. [[User:Jun Zhu|Jun Zhu]], [[User:Bill Chu|Bill Chu]], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], [http://www.tylerthomaswebsite.net/ Tyler Thomas], [http://dl.acm.org/authorize.cfm?key=N97330 Mitigating Access Control Vulnerabilities through Interactive Static Analysis] , In Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, June 2015, Vienna, Austria <br />
<br />
3. [[User:Jun Zhu|Jun Zhu]], [[User:Jing Xie|Jing Xie]], and [[User:Bill Chu|Bill Chu]], [https://www.dropbox.com/s/7omb3kluj6lq8j1/10.pdf?dl=0 Supporting Secure Programming in Web Applications through Interactive Static Analysis], In Journal of Advanced Research, Elsevier, December, 2013.<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [https://www.dropbox.com/s/3dyl6i5n3xongm7/12.pdf?dl=0 Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
5. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [https://www.dropbox.com/s/527xwwkm0tfz314/13.pdf?dl=0 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
6. [[User:Jing Xie|Jing Xie]], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [https://www.dropbox.com/s/yctg4bzyr3zqin3/14.pdf?dl=0 Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
7. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.uncc.edu/~richter/ Heather Richter Lipford] [https://www.dropbox.com/s/vfp261rhx3o2lac/15.pdf?dl=0 Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
==Relevant Research==<br />
<br />
8. [http://hci.uncc.edu/~richter/ Heather Richter Lipford], [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], etc [https://www.dropbox.com/s/fs2jin7azy1z7pm/16.pdf?dl=0 The Impact of A Structured Application Development Framework on Web Application Security]<br />
<br />
==Licensing==<br />
OWASP ASIDE is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is ASIDE/ESIDE? ==<br />
<br />
OWASP ASIDE provides:<br />
<br />
* Interactive Static Analysis support to developers in Eclipse IDE (for Java and PHP) to detect and mitigate software vulnerabilities in the code<br />
* Interactive Secure Programming Education opportunities in IDE for students as well as professional developers to help them write more secure code as well as learn best secure programming practices<br />
<br />
ESIDE provides: <br />
* Identification of targeted Java code patterns.<br />
* Interactive instructional opportunities for students in the IDE.<br />
* Real-time IDE support for secure code education (Java).<br />
<br />
p.s. (Details about ESIDE are described [[https://www.owasp.org/index.php/Projects/OWASP_ASIDE_Project#Education_branch_of_ASIDE:_ESIDE here]].)<br />
<br />
== Presentation ==<br />
<br />
1. Our talk [http://vimeo.com/54121249 Using Interactive Static Analysis for Early Detection of Software Vulnerabilities] at [http://www.appsecusa.org/ AppSec USA 2012]. You can view and download our [http://webpages.uncc.edu/~jzhu16/InteractiveStaticAnalysis.pdf presentation].<br />
<br />
2. Our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation].<br />
<br />
== Project Leaders ==<br />
[[http://www.linkedin.com/in/junzhu1 Jun Zhu]],<br />
[[User: Bill Chu|Bill Chu]]<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP_CISO_Survey]]<br />
<br />
<br />
== Openhub ==<br />
<br />
* [https://www.openhub.net/p/owaspaside OWASP ASIDE Ohloh]<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
=== Runnable plugins and installation guidelines ===<br />
The recent publicly available ASIDE CodeRefactoring plugin can be downloaded from [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside_1.0.0.201302251700.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside.logging_1.0.0.201302251700.jar logging] facility to make ASIDE work properly. ASIDE CodeRefactoring is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+. To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
The recent publicly available ASIDE CodeAnnotate plugin can be downloaded from [http://webpages.uncc.edu/~jzhu16/CodeAnnotate_1.0.0.201210240250.jar here]. ASIDE CodeAnnotate is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+. To make it work, please place the jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse. Demo of how to run CodeAnnotate can be viewed from [http://www.youtube.com/watch?v=hyAO8WztiMc here].<br />
<br />
''New!'' We recently released a version of ASIDE CodeAnnotate plugin for Eclipse PHP Development Environment. It is built upon [http://projects.eclipse.org/projects/tools.pdt Eclipse PDT framework], you can download the plugin [http://webpages.uncc.edu/~jzhu16/PHPCodeAnnotate_1.0.0.NoSelectRules.jar here]. As it is still in incubator phase at this point, we recommend you to first install the configured Eclipse PHP package we provide on Linux, which can be downloaded [https://drive.google.com/file/d/0B4IYTQA8N1S7bS16MUY5MFN4V28/edit?usp=sharing here], and then place the jar file under the plugins folder of the Eclipse installation directory, and then restart your Eclipse. Demo of how to run CodeAnnotate can be viewed from [http://www.youtube.com/watch?v=hyAO8WztiMc here]. A good PHP open source project you can try the plugin against is [http://download.moodle.org Moodle];<br />
<br />
=== Source Code ===<br />
ASIDE Education with CodeRefactoring: https://github.com/JunZhuSecurity/ASIDE-Education<br />
ASIDE PHPCodeAnnotate: https://github.com/JunZhuSecurity/ASIDE-PHPCodeAnnotate<br />
ASIDE JavaCodeAnnotate: https://github.com/JunZhuSecurity/ASIDE-JavaCodeAnnotate<br />
<br />
== Email List ==<br />
<br />
Project Email List: https://lists.owasp.org/mailman/listinfo/owasp-aside-project<br />
<br />
== News and Events ==<br />
* [18-19 September 2014] Bill will be hosting a session about ASIDE project at AppSec USA 2014 in Denver!<br />
* [30 April 2014] ASIDE PHPCodeAnnotate plugin for Eclipse PHP IDE released!<br />
* [07 December 2013] ASIDE paper titled "Supporting Secure Programming in Web Applications through Interactive Static Analysis" accepted!<br />
* [10 May 2013] ASIDE Education with CodeRefactoring plugin for Eclipse Java IDE released!<br />
* [22 October 2012] ASIDE paper titled "Interactive Support for Secure Programming Education" accepted!<br />
* [September 2012] Bill and Jun delivered ASIDE talk titled "Using Interactive Static Analysis for Early Detection of Software Vulnerabilities" at OWASP AppSec USA in Austin!<br />
* [8-10 August 2012] Jun gave a poster about ASIDE at USENIX Security 12!<br />
* [10 May 2012] ASIDE JavaCodeAnnotate plugin for Eclipse Java IDE released!<br />
<br />
== In Print ==<br />
N/A<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
= RoadMap and Get Involvement =<br />
ASIDE project has been continuously under active research, development, and evaluation.<br />
Involvement in the development and promotion of ASIDE is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Try ASIDE and email your feedback, comments to the project leaders.<br />
* Do pilot study with ASIDE in your team, and the project leaders would love to collaborate!<br />
<br />
= Education branch of ASIDE: ESIDE =<br />
== ESIDE ==<br />
<br />
The education branch of ASIDE, named ESIDE (Educational Security in the IDE), is led by [http://hci.uncc.edu/tomcat/Michael_Whitney/ Michael Whitney] and [http://hci.uncc.edu/~richter Heather Richter Lipford]. Other major contributors include [[User: Bill Chu|Bill Chu]] and [[http://www.linkedin.com/in/junzhu1 Jun Zhu]].<br/><br />
<br />
== Introduction ==<br />
ESIDE (Educational Security in the IDE) enhances the secure coding instructional process by turning<br />
the student's IDE into a real-time secure programming instructional resource. This approach capitalizes<br />
on the out of class, in the IDE time by providing layered educational opportunities whenever the<br />
student writes specific code patterns (i.e., vulnerable code) in a fashion similar to Microsoft's Grammar<br />
Checker. In this manner, ESIDE provides students with the opportunity to learn secure coding<br />
principles and practices concurrently with the lessons they are learning in their respective courses.<br />
<br />
== Description ==<br />
Deployed as an Eclipse IDE Java plugin, ESIDE continuously searches for predetermined code patterns<br />
(e.g., request.getParameter();). Whenever a student writes targeted code, they are provided with an<br />
interactive system that provides a layered educational opportunity. Because students are contextually<br />
“in the moment” when the support becomes available, they are more receptive to making the<br />
connection between classroom principles and coding practices. A secondary effect is the exponential<br />
increase in instructional exposure which has been proven to be successful in other instructional areas.<br />
The overall goal of ESIDE is to serve as an effective means to educate students at every level on the<br />
principles and practices of secure coding throughout their educational experience. To this end, we have<br />
developed ESIDE's interactive process as follows: The moment target code is written, ESIDE initiates<br />
a layered educational intervention based on the targeted code. The first layer is a warning icon that<br />
is placed in the left margin of the code editor. Hovering the icon reveals a short message that<br />
encourages further interaction. When the student clicks the icon, ESIDE generates a<br />
content specific list of educational options. Each of these options are accompanied with a short<br />
explanation of the issue at hand. For each generated list, there also exists the option to<br />
access an explanation page that provides a more comprehensive explanation of what was<br />
discovered, why it is important, and how to integrate the provided principles into coding practices.<br />
<br />
A video of an interaction designed for early students can be found at http://www.youtube.com/watch?v=k-FIcrr1ff8<br />
<br />
== What ESIDE provides? ==<br />
• Real-time IDE support for secure code education (Java).<br />
<br />
• Identification of targeted Java code patterns.<br />
<br />
• Interactive instructional opportunities for students in the IDE.<br />
<br />
== Publications ==<br />
1. [http://hci.uncc.edu/tomcat/Michael_Whitney/ Michael Whitney], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], [[User:Bill Chu|Bill Chu]], and [[User:Jun Zhu|Jun Zhu]]. Embedding Secure Coding Instruction into the IDE: A Field Study in an Advanced CS Course. In Proceedings of the 46th ACM Technical Symposium on Computer Science Education (SIGCSE '15). ACM, New York, NY, USA, 60-65. DOI=10.1145/2676723.2677280 http://doi.acm.org/10.1145/2676723.2677280<br />
<br />
2. [[User:Jun Zhu|Jun Zhu]], [http://hci.uncc.edu/~richter/ Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jzhu16/SIGCSE12-Zhu.pdf Interactive Support for Secure Programming Education], In Proceedings of ACM Technical<br />
Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA<br />
<br />
== Runnable ESIDE Prototype and Installation Guidelines ==<br />
The recent publicly available ESIDE plugin can be downloaded from [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside_1.0.0.201302251700.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside.logging_1.0.0.201302251700.jar logging] facility to make ESIDE work properly. ESIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+. To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
== Open Source Code ==<br />
The most recent source code of ESIDE can be accessed via https://github.com/witny23/ESIDE.<br />
<br />
== Priorities and get involved ==<br />
As of March 17, 2015 the priorities are:<br />
<br />
1. Move xml into a database.<br />
<br />
2. Create a public repository of customized ESIDE support for specific courses.<br />
<br />
Involvement in the development and promotion of ESIDE is actively encouraged! You do not have to<br />
be a security expert in order to contribute. Some of the ways you can help: Individuals who are interested in content contribution, usability evaluation or deploying ESIDE in their classroom would be wonderful!!</div>Jing Xiehttps://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=181502User:Jing Xie2014-08-31T21:27:33Z<p>Jing Xie: </p>
<hr />
<div>[https://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie] is a malware analyst at [https://www.lookout.com/ Lookout]. She has a Ph.D. in software security from [http://cci.uncc.edu/ The University of North Carolina at Charlotte]. She was the lead contributor of [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE project].</div>Jing Xiehttps://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=181501User:Jing Xie2014-08-31T21:27:05Z<p>Jing Xie: </p>
<hr />
<div>[https://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie] is a malware analyst at [https://www.lookout.com/ Lookout]. She has a Ph.D. in software security from [http://cci.uncc.edu/ The University of North Carolina at Charlotte}. She was the lead contributor of [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE project].</div>Jing Xiehttps://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=181500User:Jing Xie2014-08-31T21:26:28Z<p>Jing Xie: </p>
<hr />
<div>[https://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie] is a malware analyst at Lookout. She has a Ph.D. in software security from [http://cci.uncc.edu/ The University of North Carolina at Charlotte}. She was the lead contributor of [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE project].</div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=140193OWASP ASIDE Project2012-11-26T06:02:26Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] and [[User: Bill Chu|Bill Chu]]. Other major contributors include [[http://www.linkedin.com/in/junzhu1 Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
We have presented our talk [http://www.appsecusa.org/speakers/appsecusa-speakers/ Using Interactive Static Analysis for Early Detection of Software Vulnerabilities] at [http://www.appsecusa.org/ AppSec USA 2012].<br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE currently has two prototype implementations: [http://www.youtube.com/watch?v=VjzlpccMjTM ASIDE CodeRefactoring] and [http://www.youtube.com/watch?v=hyAO8WztiMc ASIDE CodeAnnotate]. <br />
<br />
CodeRefactoring is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation. <br />
<br />
CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code. <br />
<br />
An older version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO] shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
<br />
1. [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jzhu16/SIGCSE_Jun.pdf Interactive Support for Secure Programming Education], To appear In Proceedings of ACM Technical<br />
Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
5. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=140192OWASP ASIDE Project2012-11-26T06:00:24Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[http://www.linkedin.com/in/junzhu1 Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
We have presented our talk [http://www.appsecusa.org/speakers/appsecusa-speakers/ Using Interactive Static Analysis for Early Detection of Software Vulnerabilities] at [http://www.appsecusa.org/ AppSec USA 2012].<br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE currently has two prototype implementations: [http://www.youtube.com/watch?v=VjzlpccMjTM ASIDE CodeRefactoring] and [http://www.youtube.com/watch?v=hyAO8WztiMc ASIDE CodeAnnotate]. <br />
<br />
CodeRefactoring is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation. <br />
<br />
CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code. <br />
<br />
An older version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO] shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
<br />
1. [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jzhu16/SIGCSE_Jun.pdf Interactive Support for Secure Programming Education], To appear In Proceedings of ACM Technical<br />
Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
5. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=140191OWASP ASIDE Project2012-11-26T05:57:55Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[http://www.linkedin.com/in/junzhu1 Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New</b><br/><br />
Our talk <b>[http://www.appsecusa.org/speakers/appsecusa-speakers/ Using Interactive Static Analysis for Early Detection of Software Vulnerabilities]</b> has been accepted by [http://www.appsecusa.org/ AppSec USA 2012]. We look forward to meeting those who are interested in ASIDE in Austin TX.<br/><br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE currently has two prototype implementations: [http://www.youtube.com/watch?v=VjzlpccMjTM ASIDE CodeRefactoring] and [http://www.youtube.com/watch?v=hyAO8WztiMc ASIDE CodeAnnotate]. <br />
<br />
CodeRefactoring is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation. <br />
<br />
CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code. <br />
<br />
An older version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO] shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
<br />
1. [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jzhu16/SIGCSE_Jun.pdf Interactive Support for Secure Programming Education], To appear In Proceedings of ACM Technical<br />
Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
5. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=135470OWASP ASIDE Project2012-09-07T18:36:19Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New</b><br/><br />
Our talk <b>[http://www.appsecusa.org/speakers/appsecusa-speakers/ Using Interactive Static Analysis for Early Detection of Software Vulnerabilities]</b> has been accepted by [http://www.appsecusa.org/ AppSec USA 2012]. We look forward to meeting those who are interested in ASIDE in Austin TX.<br/><br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=135287OWASP ASIDE Project2012-09-04T03:23:01Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New</b><br/><br />
Our talk <b>Using Interactive Static Analysis for Early Detection of Software Vulnerabilities</b> has been accepted by [http://www.appsecusa.org/ AppSec USA 2012]. We look forward to meeting those who are interested in ASIDE in Austin TX.<br/><br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=135286OWASP ASIDE Project2012-09-04T03:21:52Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New</b><br/><br />
Our talk <b>Using Interactive Static Analysis for Early Detection of Software Vulnerabilities</b> has been accepted by [AppSec USA 2012|http://www.appsecusa.org/]. We look forward to meeting those who are interested in ASIDE in Austin TX.<br />
<br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=134405OWASP ASIDE Project2012-08-15T16:46:37Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<br />
<br/><br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=133295OWASP ASIDE Project2012-07-22T15:01:35Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSec USA 2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project at Austin, TX.<br />
<br/><br/><br />
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132378OWASP ASIDE Project2012-06-29T22:42:52Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSec USA 2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project at Austin, TX.<br />
<br/><br/><br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132377OWASP ASIDE Project2012-06-29T22:42:30Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSecUSA2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project at Austin, TX.<br />
<br/><br/><br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132376OWASP ASIDE Project2012-06-29T22:39:58Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSecUSA2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project at Austin, TX.<br />
<br/><br/><br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132375OWASP ASIDE Project2012-06-29T22:39:09Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSecUSA2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project. <br />
<br/><br/><br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132374OWASP ASIDE Project2012-06-29T22:38:48Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/><br />
<br/><br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSecUSA2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project. <br />
<br/><br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=132373OWASP ASIDE Project2012-06-29T22:38:15Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
<b>New:</b> Our submission to [http://www.appsecusa.org/ AppSecUSA2012] has been accepted. We'd look forward to meeting with those who are interested in our idea and project. <br />
<br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. Although the resources are not available anymore, you can still view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=131989OWASP ASIDE Project2012-06-26T17:18:24Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=131988OWASP ASIDE Project2012-06-26T17:17:39Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our[http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=131906OWASP ASIDE Project2012-06-26T02:06:31Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar ASIDE] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=127512OWASP ASIDE Project2012-04-06T14:03:59Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://d5srjexdxko0l.cloudfront.net/talks.html#ide Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=125689OWASP ASIDE Project2012-03-07T01:41:23Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO]. You will need Adobe Flash to display it. A newer version will soon be uploaded.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=124879OWASP ASIDE Project2012-02-22T22:10:09Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=124878OWASP ASIDE Project2012-02-22T22:06:06Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a| Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=124877OWASP ASIDE Project2012-02-22T22:05:37Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a|Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=123528OWASP ASIDE Project2012-01-31T20:54:41Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
<br />
This project is led by [[User:Jing Xie|Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=123034OWASP ASIDE Project2012-01-23T15:18:35Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], [[User:Jun Zhu|Jun Zhu]], [[User: Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=122747OWASP ASIDE Project2012-01-13T23:23:11Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], [[User:Jun Zhu|Jun Zhu]], Bill Chu & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Source Code ====<br />
<br />
The source code is located at https://github.com/Jing-Xie/owasp-aside<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=122702OWASP ASIDE Project2012-01-12T14:58:18Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], [[User:Jun Zhu|Jun Zhu]], Bill Chu & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool|OWASP ASIDE]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=122672OWASP ASIDE Project2012-01-11T17:41:51Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], [[User:Jun Zhu|Jun Zhu]], Bill Chu & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Download ====<br />
<br />
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.<br />
<br />
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=121543OWASP ASIDE Project2011-12-15T19:35:02Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], [[User:Jun Zhu|Jun Zhu]], Bill Chu & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=121524OWASP ASIDE Project2011-12-15T15:32:25Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
[[User:Jing Xie|Jing Xie]], Jun Zhu, Bill Chu & [[User:John Melton|John Melton]],<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=121523User:Jing Xie2011-12-15T15:29:22Z<p>Jing Xie: </p>
<hr />
<div>[http://webpages.uncc.edu/~jxie2/JingCV.pdf Jing Xie] is pursuing her Ph.D. in Department of Software and Information Systems at The University of North Carolina at Charlotte. Her current research interest is software security in general. She is the lead developer of [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE project].</div>Jing Xiehttps://wiki.owasp.org/index.php?title=User:Jing_Xie&diff=121522User:Jing Xie2011-12-15T15:27:56Z<p>Jing Xie: </p>
<hr />
<div>[http://webpages.uncc.edu/~jxie2/JingCV.pdf Jing Xie] is pursuing her Ph.D. in Department of Software and Information Systems at The University of North Carolina at Charlotte. Her current research interest is software security in general.</div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=121521OWASP ASIDE Project2011-12-15T15:26:03Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Jun Zhu, Bill Chu & John Melton,<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford, and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], Heather Richter Lipford, and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford, [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=121520OWASP ASIDE Project2011-12-15T15:23:44Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Jun Zhu, Bill Chu & John Melton,<br><br />
<br />
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford, and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems, CHI 2011, Austin, Texas, May 2012<br />
<br />
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], Heather Richter Lipford, and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference, December 5–9, 2011, Orlando, FL, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford, [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=Category:OWASP_Project&diff=121519Category:OWASP Project2011-12-15T15:15:27Z<p>Jing Xie: </p>
<hr />
<div>An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories: <br />
<br />
*'''PROTECT''' - These are tools and documents that can be used to guard against security-related design and implementation flaws. <br />
*'''DETECT''' - These are tools and documents that can be used to find security-related design and implementation flaws. <br />
*'''LIFE CYCLE''' - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).<br />
<br />
If you would like to start a new project please review the '''[[How to Start an OWASP Project]]''' guide. Please contact the [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Project Committee] members to discuss project ideas and how they might fit into OWASP. All OWASP projects must be free and open and have their homepage on the OWASP portal. You can read all the guidelines in the [[:Category:OWASP Project Assessment|Project Assessment Criteria]]. <br />
<br />
Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. <br />
<br />
A list of '''Projects''' that have been identified as '''orphaned''' ones has been set up. Please [[:Category:OWASP Orphaned Projects|glance at it]] and see you find interest in leading any of them. <br><br> <br />
<br />
<paypal>OWASP Projects</paypal> <br />
<br />
=Stable Quality Projects=<br />
<br />
*Stable quality projects are generally the level of quality of professional tools or documents. <br />
*Projects are listed below.<br />
<br />
{| width="100%"<br />
|-<br />
! width="50%" | Tools <br />
! Documentation<br />
|- valign="top"<br />
| <br />
'''PROTECT:<br><br>''' <br />
<br />
;[[:Category:OWASP AntiSamy Project|OWASP AntiSamy Java Project]] <br />
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP AntiSamy Project .NET|OWASP AntiSamy .NET Project]] <br />
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]] <br />
:a free and open collection of all the security methods that a developer needs to build a secure web application. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]] <br />
:a project to document and develop the ModSecurity Core Rule Set (Assessment Criteria v2.0)<br />
<br />
<br> '''DETECT:<br><br>''' <br />
<br />
;[[:JBroFuzz|OWASP JBroFuzz Project]] <br />
:a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Live CD Project|OWASP Live CD Project]] <br />
:this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP WebScarab Project|OWASP WebScarab Project]] <br />
:a tool for performing all types of security testing on web applications and web services (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Zed Attack Proxy Project|OWASP Zed Attack Proxy Project]] <br />
:The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. (Assessment Criteria v2.0)<br />
<br />
<br> '''LIFE CYCLE:<br><br>''' <br />
<br />
;[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]] <br />
:an online training environment for hands-on learning about application security (Assessment Criteria v1.0)<br />
<br />
<br> <br />
<br />
| <br />
'''PROTECT:<br><br>''' <br />
<br />
;[[:Category:OWASP Guide Project|OWASP Development Guide]] <br />
:a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP .NET Project|OWASP .NET Project]] <br />
:the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide V2]] <br />
:this Project is the one and only source of information about Rails security topics. (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]] <br />
:this document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. (Assessment Criteria v2.0)<br />
<br />
<br> '''DETECT:<br><br>''' <br />
<br />
;[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard Project]] <br />
:The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying) applications using both security testing and code review techniques. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Code Review Project|OWASP Code Review Guide]] <br />
:a project to capture best practices for reviewing code. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Testing Project|OWASP Testing Guide]] <br />
:a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]] <br />
:an awareness document that describes the top ten web application security vulnerabilities (Assessment Criteria v1.0)<br />
<br />
<br> '''LIFE CYCLE:<br><br>''' <br />
<br />
;[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]] <br />
:FAQ covering many application security topics (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Legal Project|OWASP Legal Project]] <br />
:a project focused on providing contract language for acquiring secure software (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review for OWASP-Projects]] <br />
:a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). (Assessment Criteria v1.0)<br />
<br />
<br> <br />
<br />
|}<br />
<br />
=Beta Status Projects=<br />
<br />
*Beta quality projects are complete and ready to use with documentation. <br />
*Projects are listed below.<br />
<br />
{| width="100%"<br />
|-<br />
! width="50%" | Tools <br />
! Documentation<br />
|- valign="top"<br />
| <br />
'''PROTECT:<br><br>''' <br />
<br />
;[[:Category:OWASP CSRFGuard Project|OWASP CSRFGuard Project]] <br />
:a J2EE filter that implements a unique request token to mitigate CSRF attacks (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Encoding Project|OWASP Encoding Project]] <br />
:a project focused on the development of encoding best practices for web applications. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP OpenSign Server Project|OWASP OpenSign Server Project]] <br />
:the purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp]] <br />
:focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP. (Assessment Criteria v1.0)<br />
<br />
<br />
<br> '''DETECT:<br><br>''' <br />
<br />
;[[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester Project]] <br />
:this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Code Crawler|OWASP Code Crawler]] <br />
:this tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP DirBuster Project|OWASP DirBuster Project]] <br />
:DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Orizon Project|OWASP Orizon Project]] <br />
:the goal of this project is to develop an extensible code review engine to be used from source code assessment tools. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]] <br />
:a project focused on combining automated capabilities with complete manual testing to get the best results (Assessment Criteria v1.0)<br />
<br />
;[[ORG (Owasp Report Generator)|OWASP Report Generator]] <br />
:a project giving security professionals a way to report and keep track of their projects (Assessment Criteria v1.0)<br />
<br />
;[[Owasp SiteGenerator|OWASP Site Generator]] <br />
:a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Skavenger Project|OWASP Skavenger Project]] <br />
:is a web application security assessment tool kit that passively analyses traffic logged by various MITM proxies as well as other sources and helps to identify various kinds of possible vulnerabilities. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP SQLiX Project|OWASP SQLiX Project]] <br />
:a project focused on the development of SQLiX, a full perl-based SQL scanner (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Sqlibench Project|OWASP Sqlibench Project]] <br />
:this is a benchmarking project of automatic sql injectors related to dumping databases. (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Tiger|OWASP Tiger]] <br />
:OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]] <br />
:OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]] <br />
:a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer (Assessment Criteria v1.0)<br />
<br />
<br> '''LIFE CYCLE:<br><br>''' <br />
<br />
;[[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench Project]] <br />
:this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. (Assessment Criteria v1.0)<br />
<br />
| <br />
'''PROTECT:<br><br>''' <br />
<br />
;[[:Category:OWASP AppSensor Project|OWASP AppSensor Project]] <br />
:a framework for detecting and responding to attacks from within the application. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Backend Security Project|OWASP Backend Security Project]] <br />
:this is a new project created to improve and to collect the existant information about the backend security. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Securing WebGoat using ModSecurity Project|OWASP Securing WebGoat using ModSecurity Project]] <br />
:the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. (Assessment Criteria v1.0)<br />
<br />
<br> '''DETECT:<br><br>''' <br />
<br />
;[[:Category:OWASP Tools Project|OWASP Tools Project]] <br />
:The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.<br />
<br />
<br> '''LIFE CYCLE:<br><br>''' <br />
<br />
;[[:Category:OWASP CLASP Project|OWASP CLASP Project]] <br />
:a project focused on defining process elements that reinforce application security (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Education Project|OWASP Education Project]] <br />
:a project to build educational tracks and modules for different audiences. (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Spanish|OWASP Spanish Project]] <br />
:first translation effort to make OWASP site and project completely available in Spanish language. (Assessment Criteria v1.0)<br />
<br />
<br> <br />
<br />
|}<br />
<br />
=Alpha Status Projects=<br />
<br />
*Alpha quality projects are generally usable but may lack documentation or quality review. <br />
*Projects are listed below.<br />
<br />
{| width="100%"<br />
|-<br />
! width="50%" | Tools <br />
! Documentation<br />
|- valign="top"<br />
| <br />
;[[OWASP Academy Portal Project|OWASP Academy Portal Project]]<br />
: a Portal to offer academic material in usable blocks, lab's, video's and forum. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Alchemist Project|OWASP Alchemist Project]] <br />
:this project enables a software development team in realization of highly secure and defensible application with built-in defences/controls against security‐related design, coding and implementation flaws. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]<br />
:The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed and what level of assessment is appropriate based on business requirement. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project]] <br />
:The idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP ASIDE Project|OWASP ASIDE Project]]<br />
:ASIDE is an abbreviation for Application Security in Integrated Development Environment. It is an EclipseTM Plugin which is a software tool primarily designed to help students write more secure code. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Broken Web Applications Project|OWASP Broken Web Applications Project]] <br />
:a collection of vulnerable web applications that is distributed on a Virtual Machine. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Browser Security ACID Tests Project|OWASP Browser Security ACID Tests Project]]<br />
: (Assessment Criteria v2.0)<br />
<br />
;[[Classic ASP Security Project|OWASP Classic ASP Security Project]] <br />
:it aims in creating a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Content Validation using Java Annotations Project|OWASP Content Validation using Java Annotations Project]] <br />
:We wish to explore the use of Java annotations for object validation, specifically for content validation. the result will be a framework which should be easy to use with an existing application. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP CRM Project|OWASP CRM Project]] <br />
:provides a management system for membership, projects, industry and chapters and users of OWASP projects (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Cryttr - Encrypted Twitter Project|OWASP Cryttr - Encrypted Twitter Project]] <br />
:a way to do some encrypted messaging to a group of distributed people with as little overhead as possible. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]] <br />
:gives developers the ability to test their applications for CSRF flaws (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Data Exchange Format Project|OWASP Data Exchange Format Project]]<br />
:to define an open format for exchanging data between pentest tools (Assessment Criteria v2.0)<br />
<br />
;[[OWASP ESOP Framework|OWASP ESOP Framework]]<br />
:the purpose of the framework is to provide a security layer to a given web application / web site via web service (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Encrypted Syndication Project|OWASP Encrypted Syndication Project]] <br />
:complements the OWASP Cryttr - Encrypted Twitter Project and serves other few other front ends that can use Encrypted Syndication Protocol. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP EnDe|OWASP EnDe Project]] <br />
:This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. (Assessment Criteria v1.0)<br />
<br />
;[[ESAPI Swingset|OWASP ESAPI Swingset Project]] <br />
:the ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Favicon Database Project|OWASP Favicon Database Project]] <br />
:software enumeration via favicon.ico (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Forward Exploit Tool Project|OWASP Forward Exploit Tool Project]] <br />
:this projects aims to develop a tool to exploit Top 10 2010 - A10 - Unvalidated Forward vulnerability to bypass access control to protected Java application files (config, binary -source code, etc.). It aims also to automate the download of known files in Java Web applications. (Assessment Criteria v2.0)<br />
<br />
;[[:Projects/OWASP GoatDroid Project|OWASP GoatDroid Project]]<br />
:this is the Android equivalent to the iGoat Project and will be a sub component of the Mobile Security Project and closely tied to the Mobile Top 10 Risks and forthcoming body of knowledge. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP Hackademic Challenges Project|OWASP Hackademic Challenges Project]]<br />
:this project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP Hatkit Datafiddler Project|OWASP Hatkit Datafiddler Project]]<br />
:this is a tool for performing advanced analysis of http traffic. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP Hatkit Proxy Project|OWASP Hatkit Proxy Project]]<br />
:the Hatkit Proxy is an intercepting http/tcp proxy based on the Owasp Proxy, but with several additions. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP HTTP Post Tool|OWASP HTTP Post Tool]] <br />
:a tool for the purpose of performing web application security assessment around the availability concerns (Assessment Criteria v2.0)<br />
<br />
;[[OWASP iGoat Project|OWASP iGoat Project]]<br />
:The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project in particular the developer edition of WebGoat (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]] <br />
:a web application that includes common web application vulnerabilities (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Java HTML Sanitizer|OWASP Java HTML Sanitizer]]<br />
:this is a fast Java-based HTML Sanitizer which provides XSS protection (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP JavaScript Sandboxes|OWASP JavaScript Sandboxes]] <br />
:the goal of this project is to produce a simplified version of Javascript by using regular expressions to remove dangerous functionality and then use Javascript itself to evaluate the results. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Java XML Templates Project|OWASP Java XML Templates Project]] <br />
:JXT is a fast and secure XHTML-compliant template language that runs on a model similar to JSP. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Joomla Vulnerability Scanner Project|OWASP Joomla Vulnerability Scanner Project]] <br />
:a regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution,XSS, DOS,directory traversal vulnerabilities of a target Joomla! web site<br />
<br />
;[[:Category:OWASP JSP Testing Tool Project|OWASP JSP Testing Tool Project]] <br />
:the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]] <br />
:an Eclipse-based source-code static analysis tool for Java (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Learn About Encoding Project|OWASP Learn About Encoding Project]] <br />
:this project has as its ultimate goal of demystifying the problems related to the study of character encoding (charset encoding). (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Mantra - Security Framework|OWASP Mantra - Security Framework]]<br />
: this is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. <br />
<br />
;[[:Category:OWASP Mutillidae|OWASP Mutillidae Project]] <br />
:a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10<br />
<br />
;[[:OWASP NAXSI Project|OWASP NAXSI Project]]<br />
:its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP NetBouncer Project|OWASP NetBouncer Project]] <br />
:is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. (Assessment Criteria v1.0)<br />
<br />
;[[Opa |Opa]]<br />
:Usher in a new generation of web development tools and methodologies. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Open Review Project|OWASP Open Review Project (ORPRO)]] <br />
:a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP OVAL Content Project|OWASP OVAL Content Project]]<br />
:The purpose of this project is to create OVAL content to enable any OVAL compatible tool find security issues which can be represented in a standard format (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP O2 Platform|OWASP O2 Platform]] <br />
:this project is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Passw3rd Project|OWASP Passw3rd Project]]<br />
: this project stores passwords in encrypted files with an easy to use command line interface, and utilities to use the passwords in code (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP PHP AntiXSS Library Project|OWASP PHP AntiXSS Library Project]] <br />
:reduce cross-site scripting vulnerabilities by encoding your output (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis Project]] <br />
:the aim of this project is to provide full language support,other Python frameworks support, analysis improvement, reporting capability, documentation, promotion materials: publication-ready article and presentation (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Proxy|OWASP Proxy Project]] <br />
:aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Security Tools for Developers Project|OWASP Security Tools for Developers Project]]<br />
:aims to develop a reference implementation of open source tools integrated in an end to end development process. This will likely include a reference architecture, guidance and a reference implementation using open source tools. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Secure the Flag Competition Project]] <br />
:aims to create a different type of competition that encourages secure coding rather than hacking skills. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP SIMBA Project|OWASP SIMBA Project]]<br />
:SIMBA (Security Integration Module for Business Applications) is a User Access Management system that can be integrated with any business application. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Sprajax Project|OWASP Sprajax Project]] <br />
:an open source black box security scanner used to assess the security of AJAX-enabled applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Stinger Project|OWASP Stinger Project]] <br />
:a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP VFW Project|OWASP VFW Project]]<br />
:this project is to mitigate web applications threats using Varnish which is a modern, very flexible and scalable reverse-proxy system which supports VCL, a wonderful domain-specific language to deal with HTTP (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Vicnum Project|OWASP Vicnum Project]] <br />
:a flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' (Assessment Criteria v2.0)<br />
<br />
;[[OWASP WAF Project|OWASP WAF Project]]<br />
:the OWASP Web Application Firewall (WAF) Project is a ModSecurity endorsed Port of their Language Specification (Level 1) for Java and .NET based on the contribution to ESAPI-Java by Arshan Dabirsiaghi (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Wapiti Project|OWASP Wapiti Project]] <br />
:the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Web Application Security Metric using Attack Patterns Project|OWASP Web Application Security Metric using Attack Patterns Project]] <br />
:the project provides attack pattern database along with prototype model (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Web Browser Testing System Project|OWASP Web Browser Testing System Project]]<br />
: (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Web 2.0 Project|OWASP Web 2.0 Project]] <br />
:a place for advanced research of security in the Web 2.0 world (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Web Testing Environment Project|OWASP Web Testing Environment Project]]<br />
: (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]] <br />
:this is web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Webslayer Project|OWASP Webslayer Project]] <br />
:a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (Assessment Criteria v1.0)<br />
<br />
;[[OWASP WebScarab NG Project|OWASP WebScarab NG Project]]<br />
:this is a robust tool that assists the user in penetration test. This is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly- (Assessment Criteria v2.0)<br />
<br />
;[[OWASP WhatTheFuzz Project|OWASP WhatTheFuzz Project]]<br />
:this is an easy to use, easy to get started fuzzer for websites (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Yasca Project|OWASP Yasca Project]] <br />
:Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools. (Assessment Criteria v1.0)<br />
<br />
| <br />
;[[:Category:OWASP ASDR Project|OWASP ASDR Project]] <br />
:is a reference volume that contains basic information about all the foundational topics in application security (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]] <br />
:identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Application Security Program for Manager|OWASP Application Security Program for Manager]] <br />
:create an OWASP Roadmap for the world wide Companies Type. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Application Security Skills Assessment|OWASP Application Security Skills Assessment]] <br />
:Help individuals understand their strengths and weaknesses in specific application security skills. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP AIR Security Project|OWASP AIR Security Project]] <br />
:investigating the security of AIR applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]] <br />
:investigating the security of AJAX enabled applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Anti-Malware Project|OWASP Anti-Malware Project]] <br />
:describing common flaws in security designs (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Application Security Requirements Project|OWASP Application Security Requirements]] (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Best Practices: Use of Web Application Firewalls|OWASP Best Practices: Use of Web Application Firewalls]] <br />
:the document is aimed primarily at technical decision-makers, especially those responsible for operations and security (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover &amp; Sleeve Design]] <br />
:this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve. (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Browser Security Project|OWASP Browser Security Project]] <br />
:To be definied (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Boot Camp Project|OWASP Boot Camp Project]] <br />
:this project was started to supply a brief information about the OWASP projects. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Career Development Project|OWASP Career Development Project]] <br />
:The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]<br />
<br />
(Assessment Criteria v1.0) <br />
<br />
;[[:Category:OWASP Certification Project|OWASP Certification Project]] <br />
:our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. (Assessment Criteria v1.0)<br />
<br />
;[[:Cheat Sheets|OWASP Cheat Sheets Project]]<br />
:this project was created to provide a concise collection of high value information on specific security topics. These cheat sheets were created by multiple application security experts and provide excellent security guidance in an easy to read format. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Codes of Conduct|OWASP Codes of Conduct]]<br />
:to create and maintain OWASP Codes of Conduct. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP College Chapters Program|OWASP College Chapters Program]] <br />
:(Assessment Criteria v2.0)<br />
<br />
;[[OWASP Common Numbering Project|OWASP Common Numbering Project]] <br />
:a new numbering scheme that will be common across OWASP Guides and References (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP CBT Project|Computer Based Training Project (OWASP CBT Project)]] <br />
:the goal of this project is to provide computer based training on OWASP security related initiatives. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Communications Project|OWASP Communications Project]]<br />
<br />
(Assessment Criteria v1.0) <br />
<br />
;[[:Category:OWASP Cloud ‐ 10 Project|OWASP Cloud ‐ 10 Project]] <br />
:The goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Enterprise Application Security Project|OWASP Enterprise Application Security Project]] <br />
:provides guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Exams Project|OWASP Exams Project]] <br />
:The OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Fiddler Addons for Security Testing Project|OWASP Fiddler Addons for Security Testing Project]] <br />
:a passive vulnerability scanner and an active XSS testing and input/output encoding detection (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]] <br />
:investigating the security of Flash applications (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]] <br />
:a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements. (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Hungarian Translation Project|OWASP Hungarian Translation Project]] <br />
:we plan to translate OWASP material that we consider fundamental (ASVS, Bulding Guide, Testing Guide, Top 10) first, and move on later. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP German Language Project|OWASP German Language Project]]<br />
:(Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Member Packs/Conference Attendee Packs]] <br />
:this is a project of corporate design to develop an Individual/Member Pack. (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Java Project|OWASP Java Project]] <br />
:a project focused on helping Java and J2EE developers build secure applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Logging Project|OWASP Logging Guide]] <br />
:a project to define best practices for logging and log management (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Mobile Security Project|OWASP Mobile Security Project]] <br />
:a project to help the community better understand the risks present in mobile applications, and learn to defend against them. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP Myth Breakers Project|OWASP Myth Breakers Project]]<br />
:a project similar to http://dsc.discovery.com/tv/mythbusters but for appsec, urban legends and assumptions regarding appsec will be tested and there'll be a set of examples that will prove the correctness/uncorrectness of a statement realted to the question. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP on the Move Project|OWASP on The Move Project]] <br />
:a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP PCI Project|OWASP PCI Project]] <br />
:a project to build and maintain community concensus for managing regulatory risk of web applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP PHP Project|OWASP PHP Project]] <br />
:a project focused on helping PHP developers build secure applications (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Portuguese Language Project|OWASP Portuguese Language Project]] <br />
:a project aiming to coordinate and push foward the iniciatives developed to translate OWASP materials to Portuguese. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Positive Security Project|OWASP Positive Security Project]] <br />
:a project to learn how companies are working to create a positive security approach on their own resources and use this knowledge to create a set of control, marketing and awareness tools that will be available to promote and construct a positive approach to security worldwide (Assessment Criteria v1.0)<br />
<br />
;[[OWASP RFP-Criteria|OWASP Request for Proposal]] <br />
:a project that is intended to provide a list of questions to consider when seeking a dynamic application security service provider. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP SASAP Project|OWASP Scholastic Application Security Assessment Project]] <br />
:a project that is intended to be the first step towards integrating security requirements in academic course curriculum (Assessment Criteria v1.0)<br />
<br />
;[[:OWASP Secure Password Project|OWASP Secure Password Project]] <br />
:a project that will have a two pronged approach designed to put more nails in the single-factor method of authentication (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Secure Web Application Framework Manifesto]] <br />
:this project is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Security Analysis of Core J2EE Design Patterns Project|OWASP Security Analysis of Core J2EE Design Patterns Project]] <br />
:a to be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Security Assurance Testing of Virtual Worlds Project|OWASP Security Assurance Testing of Virtual Worlds Project]] <br />
:a testing framework specific to Virtual World related applications (MMORGs) and environments (Assessment Criteria v2.0)<br />
<br />
;[[:OWASP Security Baseline Project|OWASP Security Baseline Project]] <br />
:aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Security Spending Benchmarks|OWASP Security Spending Benchmarks]] <br />
:provides insight to reduce operational appsec costs (Assessment Criteria v1.0)<br />
<br />
;[[:Category:Software Assurance Maturity Model|Software Assurance Maturity Model (SAMM)]] <br />
:this project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that's tailored to the specific business risks facing the organization.<br />
<br />
;[[OWASP Software Security Assurance Process|OWASP Software Security Assurance Process]]<br />
:To outlines mandatory and recommended processes and practices to manage risks associated with applications. Should be the framework to map Requirements, Dev and Testing guidelines for example. (Assessment Criteria v2.0)<br />
<br />
;[[OWASP Threat Modelling Project|OWASP Threat Modelling Project]]<br />
:(Assessment Criteria v2.0)<br />
<br />
;[[OWASP Uniform Reporting Guidelines|OWASP Uniform Reporting Guidelines]] <br />
:this project will complement the OWASP testing guide as well as the OWASP RFP Template. This is going to be a reporting template for vulnerability findings which will be free, base on industry best practices and hopefully will become the defacto standard. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Validation Project|OWASP Validation Project]] <br />
:a project that provides guidance and tools related to validation (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP WASS Project|OWASP WASS Guide]] <br />
:a standards project to develop more concrete criteria for secure applications (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP Web Application Scanner Specification Project|OWASP Web Application Scanner Specification Project]] <br />
:there will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. (Assessment Criteria v1.0)<br />
<br />
;[[OWASP Web Application Security Accessibility Project|OWASP Web Application Security Accessibility Project]]<br />
:this project will focus extensively on the issue of web application security accessibility. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]] <br />
:real-world web application security for Ruby on Rails, Apache and MySQL (Assessment Criteria v1.0)<br />
<br />
;[[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]] <br />
:a project to define evaluation criteria for XML Security Gateways (Assessment Criteria v1.0)<br />
<br />
;[[Security Ecosystem Project|OWASP Security Ecosystem Project]] <br />
:nobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. (Assessment Criteria v2.0)<br />
<br />
;[[:Category:OWASP Speakers Project|OWASP Speakers Project]] <br />
:a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)<br />
<br />
|}<br />
<br />
=Inactive Projects=<br />
<br />
*Inactive projects are unrated projects (projects that have not reached any one of Alpha, Beta, or Release status) which may have been abandoned. Efforts are being made to contact project leads to determine status and plans for future work. <br />
*Projects are listed below.<br />
<br />
{| width="100%"<br />
|-<br />
! width="50%" | Tools <br />
! Documentation<br />
|- valign="top"<br />
| <br />
;[[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]] <br />
:a JavaScript based web application security testing suite<br />
<br />
;[[:Category:OWASP Google Hacking Project|OWASP Google Hacking Project]] <br />
:Google SOAP Search API with Perl<br />
<br />
;[[:Category:OWASP Interceptor Project|OWASP Interceptor Project]] <br />
:A testing tool for XML web service and Ajax interfaces.<br />
<br />
;[[:Category:OWASP LiveCD Education Project|OWASP Live CD Education Project]] <br />
:an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]] and [http://www.securitydistro.com/ Security Distro] (Assessment Criteria v1.0)<br />
<br />
| <br />
;[[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]] <br />
:This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.<br />
<br />
;[[:Category:OWASP Source Code Flaws Top 10 Project|OWASP Source Code Flaws Top 10 Project]] <br />
:a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review (Assessment Criteria v1.0)<br />
<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
{{PutInCategory}}</div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=118031OWASP ASIDE Project2011-09-26T17:39:05Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
<br />
We just presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis. <br />
<br />
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
2. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]] , [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], Heather Richter Lipford, and [[User:John Melton|John T. Melton]], [http://webpages.uncc.edu/~jxie2/XIE-ACSAC2011.pdf ASIDE:IDE Support for Web Application Security], To appear in Proceedings of 27th Annual Computer Security Applications Conference, December 5–9, 2011, Orlando, FL, USA<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=116647OWASP ASIDE Project2011-09-02T14:15:17Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
2. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]] , [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], Heather Richter Lipford, and [[User:John Melton|John T. Melton]], [http://webpages.uncc.edu/~jxie2/XIE-ACSAC2011.pdf ASIDE:IDE Support for Web Application Security], To appear in Proceedings of 27th Annual Computer Security Applications Conference, December 5–9, 2011, Orlando, FL, USA<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=116640OWASP ASIDE Project2011-09-02T14:14:01Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
2. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]] , [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], To appear in Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], Heather Richter Lipford, and [[User:John Melton|John T. Melton]], [http://webpages.uncc.edu/~jxie2/XIE-ACSAC2011.pdf ASIDE:IDE Support for Web Application Security], To appear in Proceedings of 27th Annual Computer Security Applications Conference, December 5–9, 2011, Orlando, FL, USA<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=113057OWASP ASIDE Project2011-06-25T17:09:52Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project | Project About}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
2. [[User:Jing Xie|Jing Xie]], Heather Richter Lipford and [[User:Bill Chu|Bill Chu]] , [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], To appear in Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing, September 18–22, 2011, Pittsburgh, PA, USA<br />
<br />
...<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=107273OWASP ASIDE Project2011-03-21T19:06:59Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
...<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=106714OWASP ASIDE Project2011-03-13T20:13:18Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~xhu8/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
...<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=102968OWASP ASIDE Project2011-02-01T21:03:11Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project}}<br />
<br />
==== Take a Look ====<br />
<br />
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [flash demo].<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
...<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=102963OWASP ASIDE Project2011-02-01T20:41:24Z<p>Jing Xie: Add in our publication related to the project</p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project}}<br />
<br />
==== Take a Look ====<br />
<br />
<br />
==== Research Activities ====<br />
<br />
1. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]] and Heather Richter Lipford , [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], Proceedings of Engineering Secure Software and Systems Third International Symposium, ESSoS 2011, Madrid, Spain, February 2011<br />
<br />
...<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=OWASP_ASIDE_Project&diff=102447OWASP ASIDE Project2011-01-28T18:52:28Z<p>Jing Xie: </p>
<hr />
<div>==== Main ====<br />
Jing Xie, Bill Chu & John Melton,<br><br />
More information will be provided soon...<br />
<br />
==== Project About ====<br />
{{:Projects/OWASP ASIDE Project}}<br />
<br />
==== Take a Look ====<br />
<br />
<br />
==== Research Activities ====<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
<br />
[[Category:OWASP_Project|ASIDE Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]] <!---[[Category:OWASP_Download]]---></div>Jing Xiehttps://wiki.owasp.org/index.php?title=Projects/OWASP_ASIDE_Project&diff=94869Projects/OWASP ASIDE Project2010-12-02T22:16:15Z<p>Jing Xie: Added project leaders' wikiusernames</p>
<hr />
<div>{{Template:Project About<br />
| project_name = OWASP ASIDE Project<br />
| project_home_page = OWASP ASIDE Project<br />
<br />
| project_description =<br />
'''ASIDE''' is an abbreviation for '''Assured Software Integrated Development Environment'''. It is an Eclipse Plugin which is a software tool primarily designed to help students write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs. ASIDE may be useful by professional developers as well.<br />
<br />
| project_license =<br />
<br />
| leader_name1 = Jing Xie <br />
| leader_email1 = jxie2@uncc.edu<br />
| leader_username1 = Jing Xie<br />
<br />
| leader_name2 = Bill Chu<br />
| leader_email2 = billchu@uncc.edu<br />
| leader_username2 = Bill Chu<br />
<br />
| leader_name3 = John Melton<br />
| leader_email3 = john.melton@owasp.org<br />
| leader_username3 = John Melton<br />
<br />
| contributor_name[1-10] = <br />
| contributor_email[1-10] = <br />
| contributor_username[1-10] = <br />
<br />
| pamphlet_link = <br />
<br />
| presentation_link =<br />
<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-aside-project<br />
<br />
| project_road_map = http://www.owasp.org/images/f/f3/ASIDE_Roadmap_-_Dec_2010.pdf<br />
<br />
| links_url[1-10] = <br />
| links_name[1-10] = <br />
<br />
| release_1 = To be published soon<br />
| release_2 = <br />
| release_3 =<br />
| release_4 =<br />
}}</div>Jing Xie