Projects Summit 2013/Projects Participating - Revision history

Samantha Groves at 03:14, 12 October 2013

2013-10-12T03:14:51Z

Samantha Groves at 03:12, 12 October 2013

2013-10-12T03:12:18Z

Kait Disney-Leugers at 00:36, 11 October 2013

2013-10-11T00:36:23Z

Kait Disney-Leugers: Created page with "=What OWASP Projects Will Be at the Summit?= This year we have ten projects participating in the OWASP Project Summit event module. ==OWASP AppSensor== The AppSensor project..."

2013-10-10T23:22:42Z

Created page with "=What OWASP Projects Will Be at the Summit?= This year we have ten projects participating in the OWASP Project Summit event module. ==OWASP AppSensor== The AppSensor project..."

New page

=What OWASP Projects Will Be at the Summit?=

This year we have ten projects participating in the OWASP Project Summit event module.

==OWASP AppSensor==
The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities. [https://www.owasp.org/index.php/OWASP_AppSensor_Project More about OWASP AppSensor here.]

==OWASP Code Review Guide==
The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development. More about [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review here.]

==OWASP Development Guide==
The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to focus the content from countermeasures and weaknesses to secure software engineering. More about the OWASP Development Guide [https://www.owasp.org/index.php/OWASP_Guide_Project OWASP Development Guide here.]

==The OWASP Education Projects==
The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.

Initiatives of the OWASP Education Project are:

===[https://www.owasp.org/index.php/OWASP_Training OWASP Training]===
OWASP Boot Camp
OWASP Training Events

===[https://www.owasp.org/index.php/OWASP_Academies OWASP Academies]===
OWASP Academy Portal
OWASP University Outreach
OWASP Student Chapter

==OWASP Enterprise Security API==
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. More about [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API here.]

==OWASP 02 Project==

The O2 platform represents a new paradigm for how to perform, document, and distribute Web Application security reviews. O2 is designed to Automate Application Security Knowledge and Workflows, and to Allow non-security experts to access and consume Security Knowledge. More about [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform here.]

← Older revision		Revision as of 00:36, 11 October 2013
Line 30:		Line 30:

	==OWASP 02 Project==		==OWASP 02 Project==
		+	The O2 platform represents a new paradigm for how to perform, document, and distribute Web Application security reviews. O2 is designed to Automate Application Security Knowledge and Workflows, and to Allow non-security experts to access and consume Security Knowledge. More about [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform here.]
		+
		+	==OWASP Open SAMM==
		+	The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. More about [https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Open SAMM here.]
		+
		+	==OWASP Security Principles Project==
		+	The OWASP Security Principles Project aims to distil the fundamentals of security into a set of concise principles that must be present in any system throughout the requirements, architecture, development, testing, and implementation of that system. More about [https://github.com/OWASP/Security-Principles OWASP Security Principles Project here.]

		+	==OWASP Testing Guide==
		+	This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations. Contributors of this project are currently writing Version 4 of the guide, and are actively seeking authors. More about [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide here.]

−	The ~~O2 platform represents a new paradigm~~ for ~~how to perform, document, and distribute Web Application security reviews~~. O2 is designed to ~~Automate Application Security Knowledge~~ and ~~Workflows,~~ and to ~~Allow non-~~security ~~experts to access and consume Security Knowledge~~. More about [https://www.owasp.org/index.php/~~OWASP_O2_Platform~~ OWASP ~~O2 Platform~~ here.]	+	==OWASP Zed Attack Proxy (ZAP)==
		+	The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. More about [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy (ZAP) here.]

@@ Line 19: / Line 19: @@
 ===[https://www.owasp.org/index.php/OWASP_Training OWASP Training]===
-OWASP Boot Camp
+*OWASP Boot Camp
-OWASP Training Events
+*OWASP Training Events
 ===[https://www.owasp.org/index.php/OWASP_Academies OWASP Academies]===
-OWASP Academy Portal
+*OWASP Academy Portal
-OWASP University Outreach
+*OWASP University Outreach
-OWASP Student Chapter
+*OWASP Student Chapter

@@ Line 1: / Line 1: @@
-=What OWASP Projects Will Be at the Summit?=
+'''[https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor]'''
-This year we have ten projects participating in the OWASP Project Summit event module.
+The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into an existing application. Current efforts are underway to create the AppSensor tool which can be utilized by any existing application interested in adding detection and response capabilities.
-==OWASP Code Review Guide==
+'''[https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide]'''
-==OWASP Development Guide==
+The Code Review Guide focuses on secure code reviews and tools that aim to support the developer community. Such an activity is very powerful as it gives the developer community a place to start regarding secure application development.
-The Development Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure Web Applications and Web Services. The OWASP Developer Guide 2013 aims to focus the content from countermeasures and weaknesses to secure software engineering. More about the OWASP Development Guide [https://www.owasp.org/index.php/OWASP_Guide_Project OWASP Development Guide here.]
 The OWASP Education project is meant to centralize all educational initiatives of OWASP. The project will not deliver education material as such, but define standards and guidelines on education material. Furthermore, this project aims to create an easy entrance towards understanding application security and usage of the OWASP tooling. By creating education documentation papers, screen scrape video courses, and setting up an OWASP Boot camp, a controlled education process of a standardized quality can be created continuously.
 ===[https://www.owasp.org/index.php/OWASP_Training OWASP Training]===
@@ Line 26: / Line 27: @@
 OWASP Student Chapter
-==OWASP 02 Project==
+'''[https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]'''
-The O2 platform represents a new paradigm for how to perform, document, and distribute Web Application security reviews. O2 is designed to Automate Application Security Knowledge and Workflows, and to Allow non-security experts to access and consume Security Knowledge. More about [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform here.]
-==OWASP Open SAMM==
+The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such, is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
-==OWASP Testing Guide==
+'''[https://www.owasp.org/index.php/OWASP_Mobile_Security_Project OWASP Mobile Security Project]'''
-==OWASP Zed Attack Proxy (ZAP)==
+The primary focus is at the application layer. While we take into consideration the underlying mobile platform and carrier inherent risks when threat modeling and building controls, we are targeting the areas that the average developer can make a difference. Additionally, we focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.