This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "History of OWASP"
m |
|||
| Line 2: | Line 2: | ||
We just created this page a few minutes ago and sent out a request for contributors to collectively record the OWASP history. It would be great to capture items such as the growth of the organization, screenshots of the various owasp.org pages over the years (nod to waybackmachine), individuals involved at various points, etc. | We just created this page a few minutes ago and sent out a request for contributors to collectively record the OWASP history. It would be great to capture items such as the growth of the organization, screenshots of the various owasp.org pages over the years (nod to waybackmachine), individuals involved at various points, etc. | ||
| + | |||
| + | == The eMai that Started OWASP == | ||
| + | |||
| + | From: Mark Curphey (markcurphey.com) | ||
| + | Date: Mon Sep 24 2001 - 01:52:35 CDT | ||
| + | |||
| + | Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] | ||
| + | |||
| + | As some of you may know, someone on the www-mobile-codesecurityfocus.com | ||
| + | (to be renamed webappsecsecurityfocus.com real soon) list suggested setting | ||
| + | up a project to define an industry standard testing methodology for the | ||
| + | security of web applications. I was asked to help set it up and co-ordinate | ||
| + | and am pleased to be involved. Several people have already volunteered with | ||
| + | various degrees of commitment. As I discussed ideas with various people, it | ||
| + | became clear there was a need for a much wider project to include the | ||
| + | design, development, deployment and testing of web application security as | ||
| + | well as the standard categorization of attacks. | ||
| + | |||
| + | So we are pleased to announce the creation of the "Open Web Application | ||
| + | Security Project" known as OWASP. This is a community effort that will be | ||
| + | open source and available to all. I have created a quick and dirty web site | ||
| + | at http://www.owasp.org until we can get a real webmaster to volunteer. As | ||
| + | this was created on the mailing list, most of the work is expected to be | ||
| + | driven on mailing list traffic. | ||
| + | |||
| + | How will the project work ? | ||
| + | Over the coming months the project will seek to define security | ||
| + | recommendations, specifications and explanations in key areas. Security | ||
| + | professionals will be able to use the output to incorporate in their work. | ||
| + | Security vendors will be able to base services and products on these | ||
| + | standards and consumers will be able to baseline and test applications or | ||
| + | services they consume. | ||
| + | |||
| + | It seems to make sense to initially start by defining standard web | ||
| + | application Attack Categories and develop the testing methodology. The | ||
| + | methodology will probably include "white box"�testing (where the tester has | ||
| + | full access to source code), "black box" testing where the tester has access | ||
| + | to the application as a user and "glass box" testing where the tester has | ||
| + | both. | ||
| + | |||
| + | A broad based schedule will be set over the next few weeks after initial | ||
| + | administrivia has been worked out. That includes a licensing model such as | ||
| + | GPL�to prevent commercial companies taking the output and using it as there | ||
| + | own, whilst still promoting its widespread adoption. Each part of the | ||
| + | project will need to be lead by individual volunteers, initial ones will | ||
| + | hopefully be determined this week. | ||
| + | |||
| + | We are currently looking for; | ||
| + | |||
| + | Technical - We are looking for additional people with technical security | ||
| + | skills in various web technologies including HTTP, XML, HTML, ASP, Java, C, | ||
| + | C#, PHP, CGI's, Perl, JavaScript, .NET, J2EE and others. | ||
| + | |||
| + | Translators - We have two translators ready to port documentation to French | ||
| + | and Portuguese. However we will be looking for other volunteers in | ||
| + | particular German. | ||
| + | |||
| + | Graphic Designer - We need some simple graphics for the web-site and may | ||
| + | need illustrations etc. | ||
| + | |||
| + | Webmaster - We need someone to design and maintain this web site. | ||
| + | |||
| + | Much of the success of open source projects comes from individuals adding | ||
| + | value within his or her individual area of expertise. This community | ||
| + | welcomes your contribution. | ||
| + | |||
| + | http://www.owasp.org | ||
| + | |||
| + | Kind Regards, | ||
| + | |||
| + | Mark Curphey | ||
| + | == | ||
Revision as of 18:31, 13 September 2012
Happy 11th Birthday OWASP - Sept 9, 2001
We just created this page a few minutes ago and sent out a request for contributors to collectively record the OWASP history. It would be great to capture items such as the growth of the organization, screenshots of the various owasp.org pages over the years (nod to waybackmachine), individuals involved at various points, etc.
The eMai that Started OWASP
From: Mark Curphey (markcurphey.com)
Date: Mon Sep 24 2001 - 01:52:35 CDT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
As some of you may know, someone on the www-mobile-codesecurityfocus.com (to be renamed webappsecsecurityfocus.com real soon) list suggested setting up a project to define an industry standard testing methodology for the security of web applications. I was asked to help set it up and co-ordinate and am pleased to be involved. Several people have already volunteered with various degrees of commitment. As I discussed ideas with various people, it became clear there was a need for a much wider project to include the design, development, deployment and testing of web application security as well as the standard categorization of attacks.
So we are pleased to announce the creation of the "Open Web Application Security Project" known as OWASP. This is a community effort that will be open source and available to all. I have created a quick and dirty web site at http://www.owasp.org until we can get a real webmaster to volunteer. As this was created on the mailing list, most of the work is expected to be driven on mailing list traffic.
How will the project work ? Over the coming months the project will seek to define security recommendations, specifications and explanations in key areas. Security professionals will be able to use the output to incorporate in their work. Security vendors will be able to base services and products on these standards and consumers will be able to baseline and test applications or services they consume.
It seems to make sense to initially start by defining standard web application Attack Categories and develop the testing methodology. The methodology will probably include "white box"�testing (where the tester has full access to source code), "black box" testing where the tester has access to the application as a user and "glass box" testing where the tester has both.
A broad based schedule will be set over the next few weeks after initial administrivia has been worked out. That includes a licensing model such as GPL�to prevent commercial companies taking the output and using it as there own, whilst still promoting its widespread adoption. Each part of the project will need to be lead by individual volunteers, initial ones will hopefully be determined this week.
We are currently looking for;
Technical - We are looking for additional people with technical security skills in various web technologies including HTTP, XML, HTML, ASP, Java, C, C#, PHP, CGI's, Perl, JavaScript, .NET, J2EE and others.
Translators - We have two translators ready to port documentation to French and Portuguese. However we will be looking for other volunteers in particular German.
Graphic Designer - We need some simple graphics for the web-site and may need illustrations etc.
Webmaster - We need someone to design and maintain this web site.
Much of the success of open source projects comes from individuals adding value within his or her individual area of expertise. This community welcomes your contribution.
Kind Regards,
Mark Curphey ==
