This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Insecure Web Components Project"

From OWASP
Jump to: navigation, search
Line 106: Line 106:
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
As of XXX, the priorities are:
+
 
* xxx
+
As of 2014 our current priorities are identifying insecure components in J2EE applications and Java Web Application Frameworks.  This includes Struts, Spring, Wicket, Grails, and so forth.  We are looking at everything from API related components to configuration and environment.
* xxx
 
* xxx
 
  
 
Involvement in the development and promotion of XXX is actively encouraged!
 
Involvement in the development and promotion of XXX is actively encouraged!

Revision as of 16:55, 3 January 2014

OWASP Project Header.jpg

OWASP Insecure Web Components Project

The OWASP Insecure Web Components Project

Introduction

The OWASP Insecure Web Components Project is a repository of identified vulnerable components in popular web application frameworks and languages. The goal is to give developers and security professionals alike a centralized location where they can identify these vulnerable components when building and securing web applications.


Description

The focus of this project are the insecure components that make up popular web applications, and frameworks. These can be everything from Struts 2 tags, to ASP.NET MVC Models. We want to build a comprehensive list that can be used to help uncover issues in current implementations of web applications and aid in the secure architecture of them as well.


Licensing

OWASP XXX is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is XXX?

OWASP XXX provides:

  • xxx
  • xxx


Presentation

Link to presentation



Project Leader

Project leader's name


Related Projects


Quick Download

  • Link to page/download


News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
Q1
A1
Q2
A2

Volunteers

XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx

Others

  • xxx
  • xxx

As of 2014 our current priorities are identifying insecure components in J2EE applications and Java Web Application Frameworks. This includes Struts, Spring, Wicket, Grails, and so forth. We are looking at everything from API related components to configuration and environment.

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Insecure Web Components Project
Purpose: The focus of this project are the insecure components that make up popular web applications, and frameworks. These can be everything from Struts 2 tags, to ASP.NET MVC Models. We want to build a comprehensive list that can be used to help uncover issues in current implementations of web applications and aid in the secure architecture of them as well.
License: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)
who is working on this project?
Project Leader(s):
  • Tony UV @
  • Benjamin Watson @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Tony UV @ to contribute to this project
  • Contact Tony UV @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases