This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Anti-Malware Project

Jump to: navigation, search

Click here to see (& edit, if wanted) the project's template.

Project Name OWASP Anti-Malware Project
Defending Web Infrastructures Against Malware
Short Project Description

“Malware is nowadays more than a single enemy: online crime has unified the forces for targeting any online banking customer. Banking Malware is ubiquitous because it’s constantly updated via country-specific configuration files and with modular plugins to fit any banking web application. In addition it can defeat the most sophisticated security protections actually implemented.”

This project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions. The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.

The project delivery will be divided into Two parts. The first part will be a document containing guidelines directed to Banking Web Infrastructures owners. This document will be kept intentionally as short as possible and will have the main goal to raise the awareness on Malware threats and to precisely name a series of checklists that should be taken into consideration to significantly improve website security against malware.

The second part will be a technical study dynamically updated in wiki-style format. The technical study will be the reference for the guidelines contained in the previous document. This study will try to analyze the most sophisticated Malware Techniques used in the 3 most spread Banking Malware families, as well as discuss the effectiveness of different security protections that are thought to be useful against Malware.

The Technical Study will be made up of two teams: MRE (Malware Reverse Engineering Team) and AMTS (Anti-Malware Technology Solutions Team). MRE team will be in charge of studying the malware samples and to inoculate the techniques used against banking Websites; AMTS team will harvest the internet for any Web Infrastructural solution that claims to be Malware Proof for identifying its strengths and weaknesses.

Key Project Information

Project Leader
Giorgio Fedon

Project Contibutors
Vicente Aguilera
Giuseppe Bonfa
Nikola Milosevic

Mailing List
Subscribe here
Use here

Creative Commons Attribution Share Alike 3.0

Project Type

Minded Security

Release Status Main Links Related Projects

Provisory Apha Quality
(under review)
Please see here for complete information.

Anti-malware Awareness Program
Anti-malware - Knowledge Base

if any, add link(s)