This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Python Security Project"
Timo.goosen (talk | contribs) (→Acknowledgements) |
Timo.goosen (talk | contribs) (→Detection Points) |
||
| Line 160: | Line 160: | ||
- Release update version of ""OWASP-ESAPI-python""" | - Release update version of ""OWASP-ESAPI-python""" | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
= Media = | = Media = | ||
Revision as of 16:40, 6 July 2015
OWASP Python Security ProjectPython Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations. The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:
IntroductionPython Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations. The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles: Security in python: white-box analysis, structural and functional analysis Security of python: black-box analysis, identify and address security-related issues Security with python: develop security hardened python suitable for high-risk and high-security environments
Detect and Respond to Attacks from Within the ApplicationDetectionAppSensor defines over 50 different detection points which can be used to identify a malicious attacker. ResponseAppSensor provides guidance on how to respond once a malicious attacker has been identified. Possible actions include: logging out the user, locking the account or notifying an administrator. More than a dozen response actions are described. Defending the ApplicationAn attacker often requires numerous probes and attack attempts in order to locate an exploitable vulnerability within the application. By using AppSensor it is possible to identify and eliminate the threat of an attacker before they are able to successfully identify an exploitable flaw.
LicensingLicense: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project) This license is a community friendly license as recommended by OWASP. You can read more here: What is the Python Security Project?Overview
Project FounderProject Leaders
|
Quick Download
Code Repository
In Print
The AppSensor Guide and CISO Briefing can be purchased at cost as a print on demand books. Classifications
| |||||||||
Please join the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:
Current activities
Technical Roadmap
General Roadmap
"- Set up website with wiki
- Configure mailing list
- Configure github account and create code structure
- Create Project presentation and pamphlet
- Publish initial batch of documents on python security issues and possible mitigations with code examples
- Create python secure coding area
- Introduce project to OWASP Chapters
- Publish initial version of python secure coding manual
- Publish hardened version of python coded for security purposes
- Document usage of code security policies and call whitelisting
- Document usage of message deduplication and data storage in hash rings
- Document usage of ESAPI-extended security checks, including but not limited to controls applied to python internal calls, strings, processes, permissions, and low level kernel calls
- Create initial documentation of base libraries and modules
- Release library to customizec and integrate OpenSSL and cURL
- Release utility for SSL analysis of HTTPS communication over SSL
- Release utility for SSL analysis of FTPS/FTPES communication over SSL
- Release utility for analysis of POPS/IMAPS/SMTPS connections over SSL
- Release of utility for archival of SSL certificates and CRLs
- Release utility for PE extraction and hash generation from web files
- Release update version of ""OWASP-ESAPI-python"""
Introductory Briefings
| Developers | Architects | CISOs | ||
|
|
|
The CISO briefing is also available to buy at cost in print.
AppSensor Website
Code
- v2 Github Code
- (LEGACY) v1 Google Code
AppSensor Guide
- OWASP AppSensor Guide
- v2.0 EN
- v1.1 EN
Presentations
Automated Application Defenses to Thwart Advanced Attackers (Slides & Audio)
July, 2010 - OWASP London (UK) - Real Time Application Attack Detection and Response with OWASP AppSensor
June, 2010 - OWASP Leeds/North (UK) - OWASP AppSensor - The Self-Aware Web Application
June, 2010 - Video presentation - Automated Application Defenses to Thwart Advanced Attackers
November, 2009 - AppSec DC - Defend Yourself: Integrating Real Time Defenses into Online Applications
May, 2009 - OWASP Podcast #51
May, 2009 - AppSec EU Poland - Real Time Defenses against Application Worms and Malicious Attackers
November, 2008 - OWASP Summit Portugal 2008 PPT
Video Demos of AppSensor
Detecting Multiple Attacks & Logging Out Attacker
Source Documents / Artwork
- Guide
- Word (content only), DOC 11Mb
- Word, images, Lulu covers, diagrams, ZIP 96Mb
- Introduction for Developers
- A4 Illustrator and PDF exports, ZIP 19Mb
- US letter Illustrator and PDF exports, ZIP 19Mb
- Poster
- A1 Illustrator and PDF export ZIP, 18Mb
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
}}
