
Difference between revisions of "User talk:Amber Marfatia"

(Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework): new section)
(Road Map towards creating the new security framework: new section)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
'''Welcome to ''OWASP''!'''
+
'''Welcome to ''OWASP''!''' We hope you will contribute much and well. You will probably want to read the [[Help:Contents|help pages]]. Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC)  
We hope you will contribute much and well.  
 
You will probably want to read the [[Help:Contents|help pages]].
 
Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC)
 
  
== Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework) ==
+
== Purpose of the framework - Enhancing Security Options Framework (ESOP Framework) ==
  
 
Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities:  
 
Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities:  
Line 45: Line 42:
  
 
Road map for achieving the said framework is provided in the next section.
 
Road map for achieving the said framework is provided in the next section.
 +
 +
== Road Map towards creating the new security framework ==
 +
 +
Project Roadmap: Planning to phase the project execution in following waves:<br>
 +
 +
1. Wave 1: Documentation and Wireframe of the service framework<br>2. Wave 2: Class and design diagram framework<br>3. Wave 3: Development of the framework<br>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1. Application layer development<br>&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2. Data layer development<br>4. Wave 4: Integration<br>5. Wave 5: Alpha Testing<br>6. Wave 6: Beta Testing<br>7. Release &amp; Publish<br>4. Project links (if any) to external sites: N.A.<br>5. Project License: GNU GPL V3.0
 +
 +
 +
 +
Timelines to above roadmap will be provided in the subsquent post.
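Review bot: In the added roadmap line, the entries "4. Project links (if any) to external sites: N.A." and "5. Project License: GNU GPL V3.0" follow "7. Release &amp; Publish" in the same run, so the numbering goes backwards and project metadata reads as two more waves; move them into their own list. The whole wave list is also a single line held together with <br> and &nbsp; padding, so wiki list markup (# and ## for the two Wave 3 sub-items) would render the nesting without manual spacing. "subsquent" in the closing line should be "subsequent".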

Latest revision as of 06:49, 18 March 2011

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 17:15, 31 January 2011 (UTC)

Purpose of the framework - Enhancing Security Options Framework (ESOP Framework)

The purpose of the framework is to provide a security layer to a given web application / web site via a web service which can use the functions / modules to protect the site from the following vulnerabilities:


1. Remote code execution

2. SQL injection

3. Format string vulnerabilities

4. Cross Site Scripting (XSS)

5. Session hacking

6. Denial of service (DoS) attacks

7. Eavesdropping /Sniffing/ Phishing

8. Identity Spoofing

9. Man-in-the-Middle Attacks

10. Username enumeration

     1. Instrumentation & Audits for:

     2. Critical Business Areas

     3. User Management

     4. Un-usual activities

     5. Interfaces Integrations

11. IIS Tweaks

12. Password Policy


The road map for achieving the said framework is provided in the next section.

Road Map towards creating the new security framework

Project Roadmap: Planning to phase the project execution in the following waves:

1. Wave 1: Documentation and Wireframe of the service framework
2. Wave 2: Class and design diagram framework
3. Wave 3: Development of the framework
                 1. Application layer development
                 2. Data layer development
4. Wave 4: Integration
5. Wave 5: Alpha Testing
6. Wave 6: Beta Testing
7. Release & Publish
4. Project links (if any) to external sites: N.A.
5. Project License: GNU GPL V3.0


Timelines for the above roadmap will be provided in the subsequent post.