This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Insecure Web Components Project"
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
=Main= | =Main= | ||
− | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[ | + | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div> |
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
− | ==OWASP | + | ==OWASP Insecure Web Components Project== |
− | + | Helping to build and secure better web applications through the identification of insecure web components. | |
==Introduction== | ==Introduction== | ||
− | + | The OWASP Insecure Web Components Project is a repository of identified vulnerable components in popular web application frameworks and languages. The goal is to give developers and security professionals alike a centralized location where they can identify these vulnerable components when building and securing web applications. | |
Line 18: | Line 18: | ||
==Description== | ==Description== | ||
− | + | The focus of this project are the insecure components that make up popular web applications, and frameworks. These can be everything from Struts 2 tags, to ASP.NET MVC Models. We want to build a comprehensive list that can be used to help uncover issues in current implementations of web applications and aid in the secure architecture of them as well. | |
+ | |||
+ | ==Component Categories== | ||
+ | |||
+ | [https://www.owasp.org/index.php/OWASP_Insecure_Web_Components_Project/Struts2 Struts2] | ||
==Licensing== | ==Licensing== | ||
− | OWASP | + | OWASP Insecure Web Components Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Project Leader == | == Project Leader == | ||
− | + | Tony UcedaVelez "UV" | |
− | + | Benjamin Watson | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | | valign="top" style="padding-left:25px;width:200px;" | | ||
== News and Events == | == News and Events == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 106: | Line 79: | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
− | |||
− | |||
− | |||
− | |||
− | Involvement in the development and promotion of | + | As of 2014 our current priorities are identifying insecure components in J2EE applications and Java Web Application Frameworks. This includes Struts, Spring, Wicket, Grails, and so forth. We are looking at everything from API related components to configuration and environment. |
+ | |||
+ | Involvement in the development and promotion of the OWASP Insecure Web Components Project is actively encouraged! | ||
You do not have to be a security expert in order to contribute. | You do not have to be a security expert in order to contribute. | ||
Some of the ways you can help: | Some of the ways you can help: | ||
− | |||
− | |||
+ | * Contact Tony UV | ||
+ | * Contact Benjamin Watson | ||
Latest revision as of 23:55, 2 May 2015
OWASP Insecure Web Components ProjectHelping to build and secure better web applications through the identification of insecure web components. IntroductionThe OWASP Insecure Web Components Project is a repository of identified vulnerable components in popular web application frameworks and languages. The goal is to give developers and security professionals alike a centralized location where they can identify these vulnerable components when building and securing web applications.
DescriptionThe focus of this project are the insecure components that make up popular web applications, and frameworks. These can be everything from Struts 2 tags, to ASP.NET MVC Models. We want to build a comprehensive list that can be used to help uncover issues in current implementations of web applications and aid in the secure architecture of them as well. Component Categories
LicensingOWASP Insecure Web Components Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
Project LeaderTony UcedaVelez "UV" Benjamin Watson
|
News and EventsClassifications |
- Q1
- A1
- Q2
- A2
Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of 2014 our current priorities are identifying insecure components in J2EE applications and Java Web Application Frameworks. This includes Struts, Spring, Wicket, Grails, and so forth. We are looking at everything from API related components to configuration and environment.
Involvement in the development and promotion of the OWASP Insecure Web Components Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Contact Tony UV
- Contact Benjamin Watson
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|