This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:Scala
About
The OWASP Scala and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Scala frameworks and JVM-based technologies for backend development.
Purpose
Licensing
OWASP Java™ and JVM Technology Knowledge Base is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. Oracle® and Java™ are trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
What's Hot!
See the "Tasks and Roadmap" tab for more information.
Meta
Last Update: 11/19/2017
Other Resources
Related Projects
Security Tools
OWASP Dependency Check
Dependency-Check is a utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. Currently Scala, .NET, Java, Ruby, Node.js, and Python projects are supported.
More info: https://github.com/albuch/sbt-dependency-check
OWASP SonarQube Project
The first goal of the OWASP SonarQube Project is to create a reference set of check specifications targeting OWASP vulnerabilities that can be detected by SAST (Static Application Security Testing) tools. From there, the second goal is to provide reference implementations of most of those checks in the open source SonarQube language analyzers (Java, JavaScript, PHP and C#). SonarQube is an open source platform for managing code quality.
General Documents
- OWASP Secure Coding Practices - Quick Reference Guide
- OWASP Codes of Conduct
- OWASP Cheat Sheets Series
- OWASP Testing Project
- OWASP Web Top 10
- OWASP Vulnerable Web Applications Directory
Framework | Authentication | Authorization | CSRF | XSS | SQL Injection | OWASP page | Notes |
---|---|---|---|---|---|---|---|
Play | ✓ | ✓ | - | - | - | Play Security Guidelines | |
Deadbolt 2 | ✓ | - | - | - | - | Fine-grained authorization for controllers & templates | |
Play-pac4j | ✓ | ✓ | ✓ | - | - | - | Security library for the Play framework; uses Deadbolt as a dependency |
Scala-oauth2-provider | ✓ | - | - | - | - | - | Authentication for Play 2 Scala with a generic OAuth2 provider |
SecureSocial | ✓ | - | - | - | - | - | Supports Play versions up to 2.5.12 (the current version is 2.6.x) |
Silhouette - Play Framework Library | ✓ | - | - | - | - | - | For the Play Framework |
Lift | ✓ | ✓ | ✓ | ✓ | ✓ | - | Created for web application security |
Akka (Akka-http) | ✓ | ✓ | - | - | - | - | Primary focus is HTTP-based services |
Spray | ✓ | ✓ | - | - | - | - | The spray library is no longer maintained; replaced by akka-http |

Reference: https://www.47deg.com/blog/security-frameworks-for-scala/
Mailing List
OWASP Java and JVM Technologies Mailing List
Code Repository
GitHub OWASP Global Repository
Related Project Resources
Ruby Technology Knowledge Base
Perl Technology Knowledge Base
Python Technology Knowledge Base
JavaScript Technology Knowledge Base
C/C++ Technology Knowledge Base
Roadmap
- General review of all Scala and JVM related pages in the wiki.
- Build Scala and JVM security related resources guide
- Concrete guideline for Scala and JVM developers
- Clear checklists, around various topics, language, servers and frameworks.
The first step would be to establish contact with the project leaders and/or the entire team. This can be done using a direct and private message, or by joining the public mailing list to say hello.
When it comes to participating in project activities, everything depends on the time you are willing and able to invest. It is, however, very important not to jump into too many things at the beginning, only to back out later or leave unfinished things behind you. It is much better to start with small tasks, increasing intensity and investment over time.
Please also be patient when expecting the "merge" of your work into the existing project pages and code. As everywhere in life, trust has to be built up.
The Java and JVM knowledge base currently has multiple open tasks, which can be found in the relevant section of this page. Not all tasks require a wiki account. Please take something you are interested in and start participating. Workload is not the only outcome of participating in open projects. You get a lot back: recognition, satisfaction, knowledge and contacts, sometimes friends.
Sounds cool? Then jump in...
To get involved, join the mailing list by following this link: OWASP Java and JVM Mailing List
The previous version of this Java Project home page is archived here: OWASP Java Project Archive (8.2010)
(The pages in the "old" category "OWASP Java Project" have to be moved into the category "Java". Work is in progress).