OWASP - User contributions [en]

OWASP System Vulnerable Code Project

2015-04-19T20:36:41Z

Shezan: /* What is System Vulnerable Code Project? */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

==[[S. M. Shezan]] Best Project Leader Of The Year==

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:35:22Z

Shezan: /* S. M. Shezan Best Project Leader Of The Year */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:34:43Z

Shezan: /* Best Project Leader Of The Year */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

==[[S. M. Shezan]] Best Project Leader Of The Year==

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:33:34Z

Shezan: /* Best Project Leader */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

==Best Project Leader Of The Year==

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:32:38Z

Shezan: /* Best Project Leader */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

==Best Project Leader==

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:31:43Z

Shezan: /* Licensing */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

==Best Project Leader==

==Best Project Leader==

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:30:59Z

Shezan: /* Licensing */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

==Best Project Leader==

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:29:39Z

Shezan: /* Project Performance */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:28:57Z

Shezan: /* Project Performance */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |
[Best Project Of The Year]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-19T20:27:44Z

Shezan: /* Project Performance */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |
[[Best Project Of The Year]]

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

S. M. Shezan

2015-04-17T08:18:32Z

Shezan:

Contact: [http://www.facebook.com/smshezan S. M. Shezan] E-mail:[[shezan@owasp.org]]

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is an Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

==OWASP Contributions==

He has been contributing to OWASP since 2013. In 2013, along with Jeff Williams and Dave Wichers, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, He served as the de facto Chief Technology Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. During that time he negotiated and signed for virtually all contracts OWASP entered into with other parties. He also established all the technical for the OWASP Foundation and helped hire most of the employees of the OWASP Foundation. He volunteered to become the OWASP Conferences Chair where he launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2013, and helped launch the Global Conferences Committee in 2014, which organized the conferences from 2009 through 2012. The OWASP Conferences have grown to serve as a primary fundraising resource for OWASP. He has also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.

As a project leader to OWASP, Shezan is or has been:

* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004 through the end of 2013,
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair from 2005 through 2008,
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
* Coauthor of the first version of the [[ASVS | OWASP Application Security Verification Standard]],
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].

Category:OWASP Top Ten Project

2015-04-17T07:48:50Z

Shezan: /* What is the OWASP Top 10? */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example best vulnerabilities project [[OWASP System Vulnerable Code Project]]
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]
* [[S. M. Shezan]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

* [[OWASP System Vulnerable Code Project]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

Category:OWASP Top Ten Project

2015-04-17T07:47:28Z

Shezan: /* Related Projects */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]
* [[S. M. Shezan]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

* [[OWASP System Vulnerable Code Project]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

OWASP System Vulnerable Code Project

2015-04-17T07:38:48Z

Shezan: /* Project Leader */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

message: [http://www.facebook.com/smshezan S. M. Shezan]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-17T07:34:48Z

Shezan: /* Project Leader */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Expert

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2015-04-17T07:32:08Z

Shezan: /* Project Leader */

=Main=

<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File:Incubator_big.jpg|link=OWASP_Project_Stages#tab=Incubator_Projects]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

[[S. M. Shezan]]

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

S. M. Shezan

2015-04-17T07:27:50Z

Shezan:

Contact: [http://www.facebook.com/smshezan S. M. Shezan] E-mail:[[shezan@owasp.org]]

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

==OWASP Contributions==

He has been contributing to OWASP since 2013. In 2013, along with Jeff Williams and Dave Wichers, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, He served as the de facto Chief Technology Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. During that time he negotiated and signed for virtually all contracts OWASP entered into with other parties. He also established all the technical for the OWASP Foundation and helped hire most of the employees of the OWASP Foundation. He volunteered to become the OWASP Conferences Chair where he launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2013, and helped launch the Global Conferences Committee in 2014, which organized the conferences from 2009 through 2012. The OWASP Conferences have grown to serve as a primary fundraising resource for OWASP. He has also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.

As a project leader to OWASP, Shezan is or has been:

* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004 through the end of 2013,
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair from 2005 through 2008,
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
* Coauthor of the first version of the [[ASVS | OWASP Application Security Verification Standard]],
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].

S. M. Shezan

2015-04-17T07:24:36Z

Shezan: /* OWASP Contributions */

Contact: [http://www.facebook.com/smshezan S. M. Shezan] [[shezan@owasp.org]]

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

==OWASP Contributions==

He has been contributing to OWASP since 2013. In 2013, along with Jeff Williams and Dave Wichers, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, He served as the de facto Chief Technology Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. During that time he negotiated and signed for virtually all contracts OWASP entered into with other parties. He also established all the technical for the OWASP Foundation and helped hire most of the employees of the OWASP Foundation. He volunteered to become the OWASP Conferences Chair where he launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2013, and helped launch the Global Conferences Committee in 2014, which organized the conferences from 2009 through 2012. The OWASP Conferences have grown to serve as a primary fundraising resource for OWASP. He has also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.

As a project leader to OWASP, Shezan is or has been:

* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004 through the end of 2013,
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair from 2005 through 2008,
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
* Coauthor of the first version of the [[ASVS | OWASP Application Security Verification Standard]],
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].

S. M. Shezan

2015-04-17T07:20:03Z

Shezan:

Contact: [http://www.facebook.com/smshezan S. M. Shezan] [[shezan@owasp.org]]

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

==OWASP Contributions==

I have been contributing to OWASP since 2013. In 2013, along with Jeff Williams and Dave Wichers, we established the 501c3 organization that is now the OWASP Foundation. Since establishing the OWASP Foundation, I served as the de facto Chief Financial Officer of OWASP, until the OWASP Board established an Executive Director in mid 2013. During that time I negotiated and signed for virtually all contracts OWASP entered into with other parties. I also established all the financial accounts for the OWASP Foundation including bank accounts, credit cards, tax IDs, and helped hire most of the employees of the OWASP Foundation. I also helped determine the employee benefits these employees would receive, and established the procedures for how they would receive those benefits including health insurance, payroll, etc. In late 2014, I volunteered to become the OWASP Conferences Chair where I launched the OWASP Conferences Series, personally organized all the U.S. and European AppSec conferences from 2005 through 2013, and helped launch the Global Conferences Committee in 2014, which organized the conferences from 2009 through 2012. The OWASP Conferences have grown to serve as a primary fundraising resource for OWASP. I have also spent countless hours helping to initially establish the OWASP wiki, and then continuing to improve it, proofreading articles, encouraging others to contribute, etc.

As a volunteer to OWASP, Dave is or has been:

* A continuous member of the [[About_OWASP#Global_Board_Members|OWASP Board]] since it was established in 2004 through the end of 2013,
* The [[:Category:OWASP_AppSec_Conference | OWASP Conferences]] Chair from 2005 through 2008,
* Project lead and coauthor of the [[OWASP_Top_Ten_Project | OWASP Top 10]],
* Coauthor of the first version of the [[ASVS | OWASP Application Security Verification Standard]],
* Contributor to the [[ESAPI | OWASP Enterprise Security API (ESAPI)]] project,
* Lead of the OWASP Prevention Cheat Sheet Series and primary author of the [[SQL_Injection_Prevention_Cheat_Sheet | SQL Injection Prevention Cheat Sheet]].

For more details than this short bio on what I've done at OWASP, listen to my [https://www.owasp.org/download/jmanico/owasp_podcast_82.mp3 OWASP podcast].

[[:Special:Contributions/Wichers|Wiki Contributions]]

S. M. Shezan

2015-04-17T07:14:38Z

Shezan:

S. M. Shezan

2015-04-17T07:13:29Z

Shezan:

Contact: [http://www.facebook.com/smshezan S. M. Shezan]
Mailing Address: shezan@owasp.org

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

S. M. Shezan

2015-04-17T07:11:28Z

Shezan:

[http://www.facebook.com/smshezan S. M. Shezan]

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2013, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

Category:OWASP Top Ten Project

2015-04-17T07:10:55Z

Shezan: /* Project Leader */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]
* [[S. M. Shezan]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

User:Shezan

2015-04-17T07:08:40Z

Shezan:

==BIO==

S. M. Shezan is a project leader of [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project OWASP System Vulnerable Code Project]. He is a long time contributor to OWASP, helping to establish the OWASP since 2013, serving on the [[Board | OWASP Board]] since it was formed from 2004 through 2013. He is a coauthor of the [[Top10 | OWASP Top 10]] and has led the project since 2007, and has contributed to numerous other important OWASP projects including [[WebGoat]], [[ESAPI]], [[ASVS]], and the [[Cheat Sheets | OWASP Cheat Sheet Series]].

Shezan is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside of a running web application.

Shezan is from Dhaka, Bangladesh. He is a Information Security Expert at [http://www.ictd.gov.bd Ministry of Information and Communication Technology, Bangladesh]

Category:OWASP Top Ten Project

2015-04-17T07:01:08Z

Shezan: /* Project Leader */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]
* [[User:Shezan | S. M. Shezan]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

Category:OWASP Top Ten Project

2015-04-17T06:55:54Z

Shezan: /* Project Leader */

=Main=
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP Top 10==

The OWASP Top Ten is a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

==Translation Efforts==

The OWASP Top 10 has been translated to many different languages by numerous volunteers. These translations are available as follows:

* [[Top10#OWASP_Top_10_for_2013 | All versions of the OWASP Top 10 - 2013]]
* [[Top10#OWASP_Top_10_for_2010 | All versions of the OWASP Top 10 - 2010]]
* [[Top10#Translation_Efforts | Information about the various translation teams]]

==Licensing==
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

{{Social Media Links}}
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is the OWASP Top 10? ==

The OWASP Top 10 provides:

* A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:
* A description
* Example vulnerabilities
* Example attacks
* Guidance on how to avoid
* References to OWASP and other related resources

== Project Leader ==

* [[User:Wichers | Dave Wichers]]
* [[S. M. Shezan]]

== Related Projects ==

* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]

* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]

* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]

* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]

== Ohloh ==

*https://www.ohloh.net/p/OWASP-Top-10

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].

== Email List ==

[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
== News and Events ==
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

= OWASP Top 10 for 2013 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.

* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
* [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
* [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF)]
* [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].

The OWASP Top 10 - 2013 is as follows:

* [[Top_10_2013-A1-Injection | A1 Injection]]
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]

If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

*OWASP is reaching out to developers, not just the application security community
*The Top 10 is about managing risk, not just avoiding vulnerabilities
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

== Changes between 2010 and 2013 Editions ==

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

* A1 Injection
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
* A4 Insecure Direct Object References
* A5 Security Misconfiguration (was formerly 2010-A6)
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
* A10 Unvalidated Redirects and Forwards

== 2013 Versions ==

2013 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
*[https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
*[[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German (PDF)]]
*[[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
*[https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian (PDF)]
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
*[https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]

== Feedback ==

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to topten@lists.owasp.org Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}



= OWASP Top 10 for 2010 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

On April 19, 2010 the final version of the OWASP Top 10 for 2010 was released, and here is the associated [[OWASPTop10-2010-PressRelease|press release]]. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 - 2010 Document]
*[[Top 10 2010|OWASP Top 10 - 2010 - wiki]]
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2010%20Presentation.pptx OWASP Top 10 - 2010 Presentation]
*[http://blip.tv/owasp-appsec-conference-in-europe/day2_track1_1430-1505-3936900 OWASP Top 10 Video of the Presentation above - this focused alot on the Top 10 for 2010 approach, rather than the details. (From OWASP AppSec EU 2010)]
*[http://www.vimeo.com/9006276 OWASP Top 10 Video of this Presentation when the Top 10 for 2010 was 1st released for comment - this goes through each item in the Top 10. (From OWASP AppSec DC 2009)]

The OWASP Top 10 Web Application Security Risks for 2010 are:

*[[Top_10_2010-A1|A1: Injection]]
*[[Top_10_2010-A2|A2: Cross-Site Scripting (XSS)]]
*[[Top_10_2010-A3|A3: Broken Authentication and Session Management]]
*[[Top_10_2010-A4|A4: Insecure Direct Object References]]
*[[Top_10_2010-A5|A5: Cross-Site Request Forgery (CSRF)]]
*[[Top_10_2010-A6|A6: Security Misconfiguration]]
*[[Top_10_2010-A7|A7: Insecure Cryptographic Storage]]
*[[Top_10_2010-A8|A8: Failure to Restrict URL Access]]
*[[Top_10_2010-A9|A9: Insufficient Transport Layer Protection]]
*[[Top_10_2010-A10|A10: Unvalidated Redirects and Forwards]]

== Introduction ==

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages and the 2010 version was translated into even more languages. See below for all the translated versions.

== 2010 Versions ==

2010 Edition:

*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf OWASP Top 10 2010 - PDF]
*[[Top 10 2010|OWASP Top 10 2010 - wiki]]

2010 Translations:

*[http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF / 这里下载PDF格式文档]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF]
*[[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]]
*[https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF]
*[http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF]
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF]
*[http://www.owasp.org/images/8/86/OWASP_Top_10_-_2010_FINAL_%28spanish%29.pptx OWASP Top 10 2010 - Spanish PPT]
*[http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF]

2010 Release Candidate:

*[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf OWASP Top 10 2010 Release Candidate]
*[http://www.owasp.org/images/e/e1/OWASP_Top_10_RC-Public_Comments.docx OWASP Top 10 2010 Release Candidate Comments], except for one set of scanned comments [http://www.owasp.org/images/2/2e/OWASP_T10_-_2010_rc1_cmts_Kai_Jendrian.pdf which are here].

Previous versions:

*[http://www.owasp.org/images/e/e8/OWASP_Top_10_2007.pdf OWASP Top 10 2007 - PDF]
*[[Top 10 2007|OWASP Top 10 2007 - wiki]]
*[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Project_Details OWASP Top 10 2007 - PDF Translations are here]
*[[Top 10 2004|OWASP Top 10 2004 - wiki]]

== Project Sponsors ==

The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}

= Translation Efforts =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

Efforts are underway in numerous languages to translate the OWASP Top 10 for 2013. If you are interested in helping, please contact the other members of the team for the language you are interested in contributing to, or if you don't see your language listed, please let me know you want to help and we'll form a volunteer group for your language too!!

Here is the original source document for the [https://www.owasp.org/images/4/4d/OWASP_Top_10_-_2013_Final_-_English.pptx OWASP Top 10 - 2013 which is in PowerPoint]. Please use this document as the basis for your translation efforts.

2013 Completed Translations:

* Arabic: [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic PDF] Translated by: Mohannad Shahat: Mohannad.Shahat@owasp.org, Fahad: @SecurityArk, Abdulellah Alsaheel: cs.saheel@gmail.com, Khalifa Alshamsi: Khs1618@gmail.com and Sabri(KING SABRI): king.sabri@gmail.com, Mohammed Aldossary: mohammed.aldossary@owasp.org
* Chinese 2013：中文版2013 [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)]. 项目组长： Rip 王颉，参与人员：陈亮、顾庆林、胡晓斌、李建蒙、王文君、杨天识、张在峰
* Czech 2013: [https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf OWASP Top 10 2013 - Czech (PDF)] [https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx OWASP Top 10 2013 - Czech (PPTX)] CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: petr.zavodsky@owasp.org, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta
*French 2013: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French PDF] Ludovic Petit: Ludovic.Petit@owasp.org, Sébastien Gioria: Sebastien.Gioria@owasp.org, Erwan Abgrall: g4l4drim@gmail.com, Benjamin Avet: benjamin.avet@gmail.com, Jocelyn Aubert: jocelyn.aubert@owasp.org, Damien Azambour: damien.azambourg@owasp.org, Aline Barthelemy: aline.barthelemy@fr.abb.com, Moulay Abdsamad Belghiti: abdsamad.belghiti@gmail.com, Gregory Blanc: gregory.blanc@gmail.com, Clément Capel: clement.capel@sfr.com, Etienne Capgras: Etienne.capgras@solucom.fr, Julien Cayssol: julien@aqwz.com, Antonio Fontes: antonio.fontes@owasp.org, Ely de Travieso: Ely.detravieso@owasp.org, Nicolas Grégoire: nicolas.gregoire@agarri.fr, Valérie Lasserre: valerie.lasserre@gmx.fr, Antoine Laureau: antoine.laureau@owasp.org, Guillaume Lopes: lopes.guillaume@free.fr, Gilles Morain: gilles.morain@gmail.com, Christophe Pekar: christophe.pekar@owasp.org, Olivier Perret: perrets@free.fr, Michel Prunet: michel.prunet@owasp.org, Olivier Revollat: revollat@gmail.com, Aymeric Tabourin: aymeric.tabourin@orange.com
* German 2013: [[media:OWASP_Top_10_2013_DE_Version_1_0.pdf | OWASP Top 10 2013 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
* Hebrew 2013: [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf PDF] Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.
* Italian 2013: [https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf OWASP Top 10 2013 - Italian PDF] Translated by: Michele Saporito: m.saporito7@gmail.com, Paolo Perego: thesp0nge@owasp.org, Matteo Meucci: matteo.meucci@owasp.org, Sara Gallo: sara.gallo@gmail.com, Alessandro Guido: alex@securityaddicted.com, Mirko Guido Spezie: mirko@dayu.it, Giuseppe Di Cesare: giuseppe.dicesare@alice.it, Paco Schiaffella: schiaffella@gmail.com, Gianluca Grasso: giandou@gmail.com, Alessio D'Ospina: alessiodos@gmail.com, Loredana Mancini: loredana.mancini@business-e.it, Alessio Petracca: alessio.petracca@gmail.com, Giuseppe Trotta: giutrotta@gmail.com, Simone Onofri: simone.onofri@gmail.com, Francesco Cossu: hambucker@gmail.com, Marco Lancini: marco.lancini.ml@gmail.com, Stefano Zanero: zanero@elet.polimi.it, Giovanni Schmid: giovanni.schmid@na.icar.cnr.it, Igor Falcomata': koba@sikurezza.org
*Japanese 2013: [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese PDF] Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari
* Korean 2013: [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korean PDF] (이름가나다순) 김병효:byounghyo.kim@owasp.org, 김지원:jiwon.kim@owasp.or.kr, 김효근:katuri@katuri.kr, 박정훈:xelion@gmail.com, 성영모:youngmo.seong@owasp.or.kr, 성윤기:yune.sung@owasp.org, 송보영:boyoung.song@owasp.or.kr, 송창기:factor7@naver.com, 유정호:griphis77@gmail.com, 장상민:sangmin.jang@owasp.or.kr, 전영재:youngjae.jeon@owasp.org, 정가람:tgcarrot@gmail.com, 정홍순:jhs728@gmail.com, 조민재:johnny.cho@owasp.org,허성무:issimplenet@gmail.com
*Brazilian Portuguese 2013: [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese PDF] Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte
*Spanish 2013: [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish PDF] Gerardo Canedo: gerardo.canedo@owasp.org, Jorge Correa: jacorream@gmail.com, Fabien Spychiger: fabien.spychiger@dreamlab.net, Alberto Hill: alberto.daniel.hill@gmail.com, Johnatan Stanley: johnatanst@gmail.com, Maximiliano Alonzo: malonzo@tib.com.uy, Mateo Martinez: mateo.martinez@owasp.org, David Montero: david.montero@owasp.org, Rodrigo Martinez: rodmart@fing.edu.uy, Guillermo Skrilec: guillermo.skrilec@owasp.org, Felipe Zipitria: felipe.zipitria@owasp.org, Fabien Spychiger: fabien.spychiger@dreamlab.net, Rafael Gil: rafael.gillarios@owasp.org, Christian Lopez: christian.lopez.martin@owasp.org, jonathan fernandez jonathan.fernandez04@gmail.com, Paola Rodriguez: Paola_R1@verifone.com, Hector Aguirre: hector.antonio.aguirre@owasp.org, Roger Carhuatocto: rcarhuatocto@intix.info, Juan Carlos Calderon: johnccr@yahoo.com, Marc Rivero López: mriverolopez@gmail.com, Carlos Allendes: carlos.allendes@owasp.org, daniel@carrero.cl: daniel@carrero.cl, Manuel Ramírez: manuel.ramirez.s@gmail.com, Marco Miranda: marco.miranda@owasp.org, Mauricio D. Papaleo Mayada: mpapaleo@gmail.com, Felipe Sanchez: felipe.sanchez@peritajesinformaticos.cl, Juan Manuel Bahamonde: juanmanuel.bahamonde@gmail.com, Adrià Massanet: adriamassanet@gmail.com, Jorge Correa: jacorream@gmail.com, Ramiro Pulgar: ramiro.pulgar@owasp.org, German Alonso Suárez Guerrero: german.suarez@owasp.org, Jose A. Guasch: jaguasch@gmail.com, Edgar Salazar: edgar.salazar@owasp.org
*Ukrainian 2013: [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian PDF] Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky

2010 Completed Translations:

*Korean 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Korean.pdf OWASP Top 10 2010 - Korean PDF] Hyungkeun Park, (mirrk1@gmail.com)
*Spanish 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Spanish.pdf OWASP Top 10 2010 - Spanish PDF] *Daniel Cabezas Molina , Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera
*French 2010: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20French.pdf OWASP Top 10 2010 - French PDF] ludovic.petit@owasp.org, sebastien.gioria@owasp.org, antonio.fontes@owasp.org, benoit.guerette@owasp.org, Jocelyn.aubert@owasp.org, Eric.Garreau@gemalto.com, Guillaume.Huysmans@gemalto.com
*German: [[media:OWASPTop10_2010_DE_Version_1_0.pdf | OWASP Top 10 2010 - German PDF]] top10@owasp.de which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, [[User:Kai_Jendrian|Kai Jendrian]], [[User:Ralf_Reinhardt|Ralf Reinhardt]], Michael Schäfer
*Indonesian: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Indonesian.pdf OWASP Top 10 2010 - Indonesian PDF] Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad
*Italian: [http://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf OWASP Top 10 2010 - Italian PDF] Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni
*Japanese: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf OWASP Top 10 2010 - Japanese PDF] cecil.su@owasp.org, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima
*Chinese: [http://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf OWASP Top 10 2010 - Chinese PDF] 感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东
*Vietnamese: [http://owasptop10.googlecode.com/files/OWASPTop%2010%20-%202010%20Vietnamese.pdf OWASP Top 10 2010 - Vietnamese PDF] Translation lead by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam
*Hebrew: [[OWASP_Top10_Hebrew|OWASP Top 10 Hebrew Project]] -- [https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf OWASP Top 10 2010 - Hebrew PDF]. Lead by Or Katz, see translation page for list of contributors.

Volunteer Translation Efforts Underway:

*Portuguese: carlos.j.serrao@gmail.com; taquiles@gmail.com; wagner.elias@owasp.org; victoreufrasio@gmail.com; leo.cavallari@owasp.org; victoreufrasio@gmail.com;
*Greek: Konstantinos Papapanagiotou (conpap@di.uoa.gr)
*Turkish: bora@abi.com.tr
*Malay: cecil.su@owasp.org
*Dutch: marinus@kuivenhoven.com
*Swedish: ake.bengtsson@owasp.org
*Hungarian: tibor.fekete@owasp.org
*Persian (Farsi): Shahab Namazikhah (namazikhah@hotmail.com)

= Project Details =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}

= Some Commercial & OWASP Uses of the Top 10 =

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

'''Warning''': these articles have not been rated for accuracy by OWASP. Product companies should be extremely careful about claiming to "cover" or "ensure compliance" with the OWASP Top 10. The current state-of-the-art for automated detection (scanners and static analysis) and prevention (WAF) is nowhere near sufficient to claim adequate coverage of the issues in the Top 10. Nevertheless, using the Top 10 as a simple way to communicate security to end users is effective.

;[http://blogs.msdn.com/b/sdl/archive/2008/05/01/sdl-and-the-owasp-top-ten.aspx Microsoft]
:as a way to measure the coverage of their SDL and improve security

;[http://www.nsa.gov/applications/search/index.cfm?q=owasp NSA]
:in their developer guidance on web application security

;[https://www.pcisecuritystandards.org/index.shtml PCI Council]
:as part of the Payment Card Industry Data Security Standard (PCI DSS)

;[http://msdn.microsoft.com/en-us/library/dd129898.aspx Microsoft]
:to show how "T10 threats are handled by the security design and test procedures of Microsoft"

;[[OWASP_Top_10/Mapping_to_WHID | OWASP]]
:OWASP Top 10 Mapped to the Web Hacking Incident Database

;[[OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks | OWASP]]
:OWASP Mobile Top 10 Risks

;[[OWASP_Top_Ten_Cheat_Sheet | OWASP]]
:OWASP Top 10 Cheat Sheet

__NOTOC__ <headertabs />

[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]][[Category:Popular]][[Category:SAMM-EG-1]]

Category:OWASP Project

2015-04-17T06:53:38Z

Shezan: /* The OWASP Project Lifecycle is broken down into the following stages: */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project Project Request (Bangladesh)]:For Information Security Project contact with OWASP Bangladesh Project Leader [[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

'''Code Projects''': OWASP code projects are very important for the cyber security solutions. Because these projects are used to find out the application security problems and try to solve those problems. Best code project is [[OWASP System Vulnerable Code Project]] and best project leader is [http://www.facebook.com/smshezan S. M. Shezan]

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Category:OWASP Project

2015-04-17T06:47:15Z

Shezan: /* The OWASP Project Lifecycle is broken down into the following stages: */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project Project Request (Bangladesh)]:For Information Security Project contact with OWASP Bangladesh Project Leader [[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

'''Code Projects''': OWASP code projects are very important for the cyber security solutions. Because application security can be visible here through these projects. Best code project is [[OWASP System Vulnerable Code Project]] and best project leader is [[S. M. Shezan]]

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Category:OWASP Project

2015-04-17T06:41:14Z

Shezan: /* Project Process Forms */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project Project Request (Bangladesh)]:For Information Security Project contact with OWASP Bangladesh Project Leader [[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Category:OWASP Project

2015-04-17T06:39:51Z

Shezan: /* Project Process Forms */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project Project Request (Bangladesh)]:For Information Security Project contact with OWASP Bangladesh Project Leader[[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Category:OWASP Project

2015-04-17T06:38:11Z

Shezan: /* Project Process Forms */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [https://www.owasp.org/index.php/OWASP_System_Vulnerable_Code_Project Project Reques, Bangladesh]:For Information Security Project apply to [[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

S. M. Shezan

2015-04-17T06:35:33Z

Shezan:

[http://www.facebook.com/smshezan S. M. Shezan]

S. M. Shezan

2015-04-17T06:33:31Z

Shezan: Blanked the page

S. M. Shezan

2015-04-17T06:33:00Z

Shezan: Created page with "[http://www.facebook.com/smshezan S. M. Shezan]"

[http://www.facebook.com/smshezan S. M. Shezan]

Category:OWASP Project

2015-04-17T06:32:04Z

Shezan: /* Project Process Forms */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

* [Security Project Form]:For Information Security Project apply to [[S. M. Shezan]][http://www.facebook.com/smshezan]

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Task Force/OWASP Projects

2015-04-17T06:25:45Z

Shezan: /* Current Members */

This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list

==Current To-do list==

Tracking of current stuff is done temporary [https://docs.google.com/a/owasp.org/spreadsheets/d/1n1qoVJTd7dP7GbIJvXwGUspkb4mfcmo9IorM9rZGVtE/edit?usp=sharing here] as we plan to use Jira in the long run.

* Clean up of Incubator Projects and inactivate projects without a release or updates for over a year.
* Inactive/Active Project Audits:https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/projects-task-force (must be OWASP member)
* Project Reviews: [https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/projects-task-force See here for more details]
* [Task: Project Metrics Collection Project Metrics Collection: Data needed]

* Plan next EU Project Summit 2015 Amsterdam
* [[AppSecUSA 2014 Projects Summit Rescue]]
** USA Summit 2014 is happening [https://www.owasp.org/index.php/OWASP_Project_Summit_USA_2014 wiki page here]
* [[LAB Projects Code Analysis Report]]
* The Proposal Evaluation Methodology for OWASP Projects - Johanna has put together a proposal for evaluating project. The proposal can be found here: [https://docs.google.com/a/owasp.org/viewer?a=v&pid=forums&srcid=MDM4NTc0NDY0NjkwMzEwMTMzMzkBMDU3ODU2MTQ5MTQ0OTI0ODk1OTYBcWUxcGRuaHppUVVKATAuMQFvd2FzcC5vcmcBdjI Proposal Evaluation].
*Create a coherent wiki page for the Project Dashboard.

==To-do list: Future Tasks==
* Gather support and funding to have 1 large OWASP Summit.
* Design a more sustainable revenue stream using the Project’s IP.
* Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
* Start a task force of people with spare cycles that can help projects that need extra man-power of are falling behind in delivery of new releases (especially the flag ship projects).

==Completed Tasks==
* create a new mailing list (in google groups) for this task force: https://groups.google.com/a/owasp.org/forum/?hl=en#!forum/projects-task-force
* Submissions for Open Source Showcase at AppSec EU: [https://groups.google.com/a/owasp.org/d/msg/projects-task-force/IZdd-4CpUNg/WqSpxf92n8gJ See here for more details]: Completed by Team. - May 02, 2014
* Need to review [[OWASP_Java_HTML_Sanitizer_Project|Java HTML Sanitizer Project]]: [https://groups.google.com/a/owasp.org/d/msg/projects-task-force/Wdg6dGr6mj4/N89imuYLqFoJ See here for more details]: Removed from the Review List - Samantha - May 02, 2014
*Wikify Projects Dashboard: Removed as agreed it is unnecessary - Samantha - May 02, 2014
*Move the Google Groups to OWASP Google App - Jonathan - July 16, 2014
*Inactivated all Incubator Documentation projects with no release in over a year and no updates. - August 2, 2014.
* Need to get all project repos added to https://www.openhub.net/orgs/OWASP: DONE- 88 projects have an open repository
* Created the Project Dashboard. Look for link once the wiki page has been created.

==Failed Tasks==
* [https://groups.google.com/a/owasp.org/d/msg/projects-task-force/T87T1KfTlzg/KDkrGDqVuj4J 2014 Cambridge Summit Sponsorship Needs]

==Execution Power==

This task force exists on the assumption that it has a mandate from the OWASP leaders to act on behalf of the OWASP community on what is best for OWASP Projects. We are in the process of submitting a Committee Proposal for Project reviews

If somebody (namely an OWASP Leader or Board member) disagree with any of the decisions made, he/she has two options:

* join this Task Force/Committe
* create another equivalent 'OWASP Projects group' and do a better job there

''note that Committee 2.0 will change this as this task force might converge to a new Committee or fall under one if needed''

==Current Members==

* Johanna Curiel
*Timo Goosen
* Jonathan Marcil
* Jason Johnson
* Noreen Whysel - OWASP Community Manager (Staff)
* S. M. Shezan - OWASP Project Leader

==OWASP Projects Task Force (Concept)==

This is a new type of OWASP initiative, focused on 'getting things done', the concept is still evolving but here are the current (in draft) guiding principles:

# this 'task force is an invitation-only group' (to join the task force, requests should be made directly with existing task force members)
# all existing members have VETO power, and it is assumed that all decisions are backed up with all existing members
# only existing members can send the invitations
# there is a 1 month minimum activity required (or the member is temporarily out).
# invitations are automatically approved in 24h
# existing members can VETO new members (and existing members can be kickout by majority)
# there an one special member who has veto power the responsibility to enforce the 'one month contribution MIA scenario' (i.e. to kick out the 'non contributing members')
# all communication MUST be made (as much as practically possible) under public mediums: Wiki, public mailings, public Hangout sessions
# there are NO decisions made BEHIND closed doors, or without a solid digital (hyperlinkable) trail

==Discussions==

[https://groups.google.com/a/owasp.org/forum/#!forum/projects-task-force Google Group] You must be logged in your OWASP Google App account to view and post to the group.

Category:OWASP Project

2015-04-17T06:23:40Z

Shezan: /* Code [Reviewed November 2014] */

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP System Vulnerable Code Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

Category:OWASP Project

2015-04-17T06:20:18Z

Shezan:

__NOTOC__
{|
|-
! width="700" align="center" | <br>
! width="500" align="center" | <br>
|-
|
| align="right" |

|}

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
= Welcome =
{| style="width: 100%;"
|-
| style="width: 100%; color: rgb(0, 0, 0);" |
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
|-
| style="width: 95%; color: rgb(0, 0, 0);" |
<font size=2pt>

=== Welcome to the OWASP Global Projects Page ===

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.

Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''

'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''

Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''

'''[[Project_Online_Resources|Project Online Resources]]'''

=== Who Should Start an OWASP Project? ===

*Application Developers.
*Software Architects.
* Information Security Authors.
*Those who would like the support of a world wide professional community to develop or test an idea.
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

=== Contact Us===

If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

=== OWASP Project Inventory ===

All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]

* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.

* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

=== Social Media ===

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.

[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]

</font>

|}

| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |
<div style="padding:2em;padding-bottom:0px;">

[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]

[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
</div>

{|

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}

| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
|}


= Project Inventory =
<font size=2pt>

The Project Dashboard lists the all project information at a glance, including release links, the current status of the project and project leader contact information. The Project Dashboard can be found here: https://www.owasp.org/index.php/OWASP_Project_Dashboard

==Flagship Projects==
[[File:Flagship_banner.jpg]]

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project will be evaluated more deeply to confirm their flagship status:

====Tools [Reviewed September 2014]====

* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
* [[OWASP_OWTF|OWASP OWTF]]
* [[OWASP_Dependency_Check|OWASP Dependency Check]]

====Code [Reviewed November 2014]====
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[OWASP_System_Vulnerable_Code_Project]]

====Documentation[Reviewed February 2015] in progress====
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]

==Labs Projects==
[[File:Lab banner.jpg]]

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

===Thumbs up===
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

====Tools [Reviewed February 2015]====
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
* [[OWASP_O2_Platform|OWASP O2 Platform]]
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
* [[O-Saft|O-Saft]]
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
* [[OWASP_Passfault|OWASP Passfault]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
*[[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]

====Documentation [In Progress-Results by February/March 2015] ====

* [[OWASP_Podcast|OWASP Podcast Project]]
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
*[[OWASP_CISO_Survey|OWASP CISO Survey]]
*[[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
*[[OWASP_Cornucopia|OWASP Cornucopia]]
*[[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]

====Contests====
*[[OWASP_University_Challenge|OWASP University Challenge]]
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]

====Code [Reviewed February 2015]====
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]

======Low Activity (LABS)[Reviewed February 2015] ======
[[File:low_activity.jpg]]

These projects had no releases in at least a year, however have shown to be valuable tools
Code [Low Activity]
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]

Documentation [Low Activity]
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]

==Incubator Projects==
[[File:Incubator_banner.jpg]]

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

===Thumbs up===
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation

====Code [Reviewed March 2015]====
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]] [[File:Thumbsup.png|15px]] [[File:Thumbsup.png|15px]]
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_System_Vulnerable_Code_Project|OWASP System Vulnerable Code Project]]
* [[OWASP_ISO_IEC_27034_Application_Security_Controls_Project|OWASP ISO/IEC 27034 Application Security Controls Project]]
* [[OWASP_Hardened_Phalcon_Project|OWASP Hardened Phalcon Project]]
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]] [[File:Thumbsup.png|15px]]
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
*[[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
*[[OWASP_Droid10_Project|OWASP Droid]]

====Tools [Review in progress-April 2015]====
*[[Benchmark|OWASP WebGoat Benchmark]]
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Security_Shepherd|OWASP Security Shepherd]] [[File:Thumbsup.png|15px]]
*[[OWASP_Mantra_OS|OWASP Mantra OS]] [[File:Thumbsup.png|15px]]
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
*[[OWASP_Bricks|OWASP Bricks]]
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Python_Security_Project|OWASP Python Security Project]]
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
*[[OWASP_Click_Me_Project|OWASP Click Me Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
*[[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
*[[OWASP_Project_Metrics|OWASP Project Metrics]]
*[[OWASP_Store_Sheep_Project|OWASP Store Sheep Project]]
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]] [[File:Thumbsup.png|15px]]
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]] [[File:Thumbsup.png|15px]]
* [[OWASP_ASVS_Assessment_tool | OWASP Assesment Tool]]

====Documentation[Review: March 2015-In progress]====
*[[OWASP Automated Threats to Web Applications]]
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
*[[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
*[[Projects/OWASP_GoatDroid_Project|OWASP GoatDroid Project]]
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]]
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
*[[WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project|WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]]
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
*[[OWASP_Security_Principles_Project|OWASP Security Principles Project]]
*[[OWASP_Media_Project|OWASP Media Project]] [[File:Thumbsup.png|15px]]
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
*[[OWASP_Insecure_Web_Components_Project|OWASP Insecure Web Components Project]]
*[[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
*[[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
*[[OWASP_Open_Cyber_Security_Framework_Project|OWASP Open Cyber Security Framework Project]]
*[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
*[[OWASP_Embedded_Application_Security|OWASP Embedded Application Security]]
*[[OWASP_STING_Game_Project|OWASP STING Game Project]]
*[[Projects/OWASP_Ruby_on_Rails_and_friends_Security_Guide|OWASP Ruby on Rails and Friends Security Guide]]
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
*[[OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project|OWASP Supporting Legacy Web Applications in the Current Environment Project]]
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
*[[OWASP_Security_Controls_in_Web_Application_Development_Lifecycle |OWASP Security Controls in Web Application Development Lifecycle Project]]
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
*[[OWASP_Product_Requirement_Recommendations_Library|OWASP_Product_Requirement_Recommendations_Library]]
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
*[[OWASP_Knowledge_Graph|OWASP_Knowledge_Graph]]

====Educational Project====
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]

==Donated Projects==

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

====Tools====

* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
* [[OWASP_JOTP_Project|OWASP jOTP Project]]

==OWASP Archived Projects==
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

= Project Task Force =

====OWASP Project Task Force====

{{:Task_Force/OWASP_Projects}}

= Online Resources =

===Project Online Resources===

{{:Project_Online_Resources}}

= Starting a New Project =
<font size=2pt>
== So you want to start a project... ==

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
[[File:HowToStartProjectoWasp.png | 600px | right]]

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".

[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]

===Importance of a well thought out Road-map===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.

* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.

* Available Grants to consider if you need funding - [[Grants|Click Here]]

* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

== Creating a new project ==
Once you have passed the Project Ideas phase, then you will be ready to start a new project
To Submit your project please use the following form
. [http://www.tfaforms.com/263506 Please submit a new project application here].

* You will need to gather the following information together for your application:
A - PROJECT
# Project Name,
# Project purpose / overview,
# Project Roadmap,
# Project links (if any) to external sites,
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
# Project Leader name,
# Project Leader email address,
# Project Leader wiki account - the username (you'll need this to edit the wiki),
# Project Contributor(s) (if any) - name email and wiki account (if any),
# Project Main Links (if any).
# For Documentation: A table of Contents
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

* Check out the '''[[Guidelines for OWASP Projects]]'''.
* [[Grant_Spending_Policy|Grant Spending Policy]]
* [[Project_Spending_Policy|Project Spending Policy]]
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]

==OWASP Recommended Licenses==

{{Recommended_Licenses}}

==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

== Project Release ==

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
# Link to your wiki page.
# Link to your code repository or a link to where readers can download your project.
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

==Project Process Forms==
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.

* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.

* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.

* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.

* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.

= Project Assessments =
<font size=2pt>
==OWASP Project Lifecycle==
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.

====The OWASP Project Lifecycle is broken down into the following stages:====

'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

== OWASP Project Stage Benefits==
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

'''Incubator'''
* Financial Donation Management Assistance
* Project Review Support
* WASPY Awards Nominations
* OWASP OSS and OPT Participation
* Opportunity to submit proposal: $500 for Development.
* Community Engagement and Support
* Recognition and visibility of being associated with the OWASP Brand.

'''Labs'''
* All benefits given to Incubator Projects
* Technical Writing Support
* Graphic Design Support
* Project Promotion Support
* OWASP OSS and OPT: Preference

'''Flagship'''
* All benefits given to Incubator & Labs Projects
* Grant finding and proposal writing help
* Yearly marketing plan development
* OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

== Project Monitoring Incubator/Documentation ==
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
You can set your project active at any time, as long as:
* There has been commits to the project's open repository or
* There has been a beta release of the documentation produced so far or
* Provide a detailed Roadmap

===Importance of a well thought out Roadmap===
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.

[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"

==Project Monitoring for LABS/Flagship==
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
===For Code and Tools===
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
*Can the project be built correctly?
*Does the project has any activity(commits) in the last 6 months?
*Does the project had any releases in the last 6 months?
*Has the project leaders updated his wiki or website to reflect latest releases?
===For Documentation===
For this part, we are working on the development of an adequate assessment criteria
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]

== OWASP Project Graduation==
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]

==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

==OWASP Project Deliverable/Release Assessment==
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.

* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]

= Brand Resources =
<font size=2pt>

==The Brand Usage Rules==
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.

==Project Icons & Templates==
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''

'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''

[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]

[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]

[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]

[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]

===OpenSAMM===
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''

'''Construction:'''

[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]

'''Deployment:'''

[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]

'''Governance:'''

[[image:Governance black.png| governance black| 100px]] [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]

'''Verification:'''

[[image:Verification black.png | Verification black | 100px]] [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]

==Book Cover Files==
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.

[[Media:Lulu-guide.pdf|Lulu Guide]]

'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
{|
|-
! width="500" align="center" | <br>
! width="300" align="center" | <br>
|-
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
| align="center" |

|}

= Terminology =
<font size=2pt>
== OWASP Project Infrastructure ==

*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.

*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.

*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.

== OWASP Project Reviews ==

*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.

*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.

*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].

*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.

*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

== OWASP Projects Processes ==

*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.

*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.

*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.

*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.

*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.

*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.

== Projects at Conferences ==

*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.

*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.

*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.

== OWASP Projects General ==

*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].

= Sponsorships and Donations =
<font size=2pt>

==Donate to OWASP Global Projects ==
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

'''This is how your money can help:'''

* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
* $100 could help fund OWASP project demos at major conferences.
* $250 could help get our volunteer Project Leaders to speaking engagements.

[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]

= Contact US =
<font size=2pt>

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
</font>

<headertabs />

OWASP System Vulnerable Code Project

2014-10-10T06:21:27Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]
== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
[http://shezan.cf shezan]
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-10-10T06:19:30Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]
== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
shezan.cf
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

Me@shezan.cf

2014-10-06T05:23:09Z

Shezan:

[http://www.shezan.cf/Contact-Me/]
http://www.shezan.cf/
webmail: me@shezan.cf

OWASP System Vulnerable Code Project

2014-09-05T04:42:09Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: [http://www.shezan.cf/Contact-Me/ me@shezan.cf]
== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

Me@shezan.cf

2014-09-05T04:39:09Z

Shezan:

[http://www.shezan.cf/Contact-Me/]

Me@shezan.cf

2014-09-05T04:37:36Z

Shezan: Created page with "http://shezan.cf/Contact-Me/"

http://shezan.cf/Contact-Me/

OWASP System Vulnerable Code Project

2014-09-05T04:36:49Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: [[me@shezan.cf]]
== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-09-05T04:34:48Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

webmail: me@shezan.cf
== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-09-03T18:11:30Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://shezan.cf

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-08-29T13:05:46Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://smshezan.tk

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance ==

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-08-25T11:34:46Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org

website: http://smshezan.tk

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance competition ==

Hey guys
Next 187 days we will try to perform our better performance to win the game.
Best of luck.

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]

OWASP System Vulnerable Code Project

2014-08-25T11:34:19Z

Shezan:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==OWASP System Vulnerable Code Project==

OWASP System Vulnerable Code Project is trying to make a computer security tool named Lappy Framework.

==Introduction==

OWASP System Vulnerable Code Project is making a tool that can find out vulnerabilities of a system and fix them.It can also scan your network to find network hole. This tool can ensure your security for your business firm. This tool
also provide a secure tunnel for business communications.

==Description==

System Vulnerable Code Project will provide a security tool under OWASP and GNU LGPL version 3.0 projects. This project main tool name will be Lappy Framework and basically this tool will use for Vulnerability Assessment. Its a opensource and freeware tool. It will carry three types code with latest encryption system. It can provide secure web server, database server, mail server etc.

==Licensing==
OWASP System Vulnerable Code Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== What is System Vulnerable Code Project? ==

OWASP System Vulnerable Code Project provides:

* Secure System.
* Secure Network for Business.

== Project Leader ==

Project leader's name:

S. M. Shezan

Information Security Consultant

email: shezan@owasp.org
website: http://smshezan.tk

== Presentation ==

Link to presentation:

http://lappyframework.blogspot.com

== Related Projects ==

* [[OWASP_CISO_Survey]]

== Project Performance competition ==

Hey guys
Next 187 days we will try to perform our better performance to win the game.
Best of luck.

| valign="top" style="padding-left:25px;width:200px;" |

== Quick Download ==

* Link to page/download:

http://lappyframework.blogspot.com

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com & http://lappyframework.blogspot.com

==Classifications==

{| width="200" cellpadding="2"
|-
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]]
|-
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
OWASP System Vulnerable Code Project is developed by a worldwide team of security developer. The malformed code writer name list of the project :

* Ajin
* Sarker
* Nicol
* Breaker
* Simon

User Interface Designer (License: GNU LGPL v.3):

* Mehedi Hasan Shuvo

= Road Map and Getting Involved =

As of OWASP System Vulnerable Code Project, the priorities are:
* CVE
* NIST
* Offensive Security

Involvement in the development and promotion of OWASP System Vulnerable Code Project
Jump to: navigation, search
is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* Sending the security error of the application based code.
* Find out the bug of operating system.

=Project About=
{{:Projects/OWASP_System_Vulnerable_Code_Project}}

__NOTOC__ <headertabs />

[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]