This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Financial Information Exchange Security Project

From OWASP

Jump to: navigation, search

OWASP Financial Information Exchange Security

OWASP Financial Information Exchange Security is a project aimed at raising awareness of security when implementing, developing or working with the FIX protocol. The project aims to create guidelines for implementors, providing them with best practice guidance relating the deploying FIX, guidelines for security professionals when penetration testing FIX, and also a number of FIX related security tools written in Java.

Introduction

Write a short introduction

Description

Write a description that is just a few paragraphs long

What is Financial Information Exchange Security?

OWASP Financial Information Exchange Security provides:

Guidelines for "implementors" of the FIX protocol relating to security best practice. The guidelines will aim to thwart the common vulnerabilities observed in a typical FIX deployment.
Guidelines for security professionals relating to how they can perform better security assessments of FIX endpoints. At the moment this is expected to be in the form of an "attack cheat-sheet"
FIX Fuzzer - Java application to fuzz implementations of the FIX protocol, identifying common application vulnerabilities and business logic attacks

Licensing

OWASP Financial Information Exchange Security is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.