This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Security Frameworks Project"

From OWASP
Jump to: navigation, search
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
=Main=
 
=Main=
 
+
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
+
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
Line 12: Line 12:
 
==Introduction==
 
==Introduction==
  
Write a description that is just a few paragraphs long
+
Providing a secure environment to a developer will lead to a more secure final product. Developers need to work in an environment which is secure by default and which relieves them of the burden of implementing their own security controls. That task often falls to the developers who create languages, or enterprise architects. We aim to create a library of design patterns and instructions that should be implemented by architects to create secure languages and environments for developers.
  
 
==Description==
 
==Description==
  
This project is the outgrowth of several conversations I've had recently, and a presentation given at AppSec CA by Ken Johnson and Mike McCabe (both of whom are on board to help out). There will be some copying from other projects (like some of the cheat sheets), but ultimately our goal is to provide language independent advice targeted at enterprise architects and the people who design programming languages. The goal is to make security functionality a part of the framework that a developer builds upon, so that the developer doesn't have to do it him or herself.
+
The project aims to provide language independent advice targeted at enterprise architects and people who design programming languages. The intent is to make security functionality a part of the framework that a developer builds upon, so that the developer doesn't have to implement their own security functions. The ultimate goal is to have as much security as possible built into the programming environment so that developer mistakes and omissions are less likely to lead to security vulnerabilities.
  
 
==Licensing==
 
==Licensing==
Line 23: Line 23:
  
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
+
<!--
 
== What is the OWASP Security Frameworks Project? ==
 
== What is the OWASP Security Frameworks Project? ==
  
Line 36: Line 36:
 
Link to presentation
 
Link to presentation
  
 
+
-->
  
  
 
== Project Leader ==
 
== Project Leader ==
  
Ari Elias-Bachrach
+
[[User:Ari_Elias-Bachrach|Ari Elias-Bachrach]]
  
  
 
== Related Projects ==
 
== Related Projects ==
  
* [[OWASP_CISO_Survey]]
+
* [[Cheat Sheets]]
 
+
* [[OWASP Framework Security Project]]
 
 
  
 
| valign="top"  style="padding-left:25px;width:200px;" |  
 
| valign="top"  style="padding-left:25px;width:200px;" |  
 
+
<!--
 
== Quick Download ==
 
== Quick Download ==
  
* Link to page/download
+
* Link to page/download when ready
 
+
-->
  
  
 
== News and Events ==
 
== News and Events ==
* [20 Nov 2013] News 2
+
* [22 Feb 2014] Project initiated
* [30 Sep 2013] News 1
 
  
  
Line 83: Line 81:
 
|}
 
|}
  
=FAQs=
+
=Security Frameworks=
 
+
List of guides:
; Q1
+
* [[Data Access Framework]]
: A1
+
* Password Storage
 
+
* Authentication Framework
; Q2
+
* [[Session Management Framework]]
: A2
+
* Framework for Handling Output
 +
* [[Security Headers]]
  
 
= Acknowledgements =
 
= Acknowledgements =
 
==Volunteers==
 
==Volunteers==
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
+
The OWASP security frameworks project is developed by a worldwide team of volunteers. The primary contributors to date have been:
  
* xxx
+
* Ari Elias-Bachrach
* xxx
+
* Mike McCabe
 +
* Ken Johnson
  
 
==Others==
 
==Others==
* xxx
+
* your name here, just volunteer :-)
* xxx
 
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
 
As of February 2014, the priorities are:
 
As of February 2014, the priorities are:
  
The plan is to develop a series of documents that cover the various features an architecture should provide. For example we'll have a document on XSS prevention, database access, authentication, CSRF prevention, etc. Each one will contain the design patterns that should be implemented in order to provide those functions in a secure manner. They'll each be free standing documents which can eventually be combined together into one large pdf or book when we're "done".
+
The plan is to develop a series of documents that cover the various features an architecture should provide. We'll have a document on XSS prevention, database access, authentication, CSRF prevention, etc. Each one will contain the design patterns that should be implemented in order to provide those functions in a secure manner. They'll each be free standing documents which can eventually be combined together into one large pdf or book when we're "done".
  
Involvement in the development and promotion of XXX is actively encouraged!
+
Involvement in the development and promotion of this project is actively encouraged!
 
You do not have to be a security expert in order to contribute.
 
You do not have to be a security expert in order to contribute.
 
Some of the ways you can help:
 
Some of the ways you can help:
* xxx
+
* volunteer to write (or help write) a design pattern document
* xxx
 
  
  

Latest revision as of 05:15, 13 February 2016

OWASP Inactive Banner.jpg

OWASP Security Frameworks

The OWASP Security Frameworks Project is a series of design patterns that can be used by language designers and architects to create secure frameworks for developers, thereby relieving developers of the work of implementing security themselves.

Introduction

Providing a secure environment to a developer will lead to a more secure final product. Developers need to work in an environment which is secure by default and which relieves them of the burden of implementing their own security controls. That task often falls to the developers who create languages, or enterprise architects. We aim to create a library of design patterns and instructions that should be implemented by architects to create secure languages and environments for developers.

Description

The project aims to provide language independent advice targeted at enterprise architects and people who design programming languages. The intent is to make security functionality a part of the framework that a developer builds upon, so that the developer doesn't have to implement their own security functions. The ultimate goal is to have as much security as possible built into the programming environment so that developer mistakes and omissions are less likely to lead to security vulnerabilities.

Licensing

The OWASP Security Framework is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.



Project Leader

Ari Elias-Bachrach


Related Projects


News and Events

  • [22 Feb 2014] Project initiated


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

List of guides:

Volunteers

The OWASP security frameworks project is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Ari Elias-Bachrach
  • Mike McCabe
  • Ken Johnson

Others

  • your name here, just volunteer :-)

As of February 2014, the priorities are:

The plan is to develop a series of documents that cover the various features an architecture should provide. We'll have a document on XSS prevention, database access, authentication, CSRF prevention, etc. Each one will contain the design patterns that should be implemented in order to provide those functions in a secure manner. They'll each be free standing documents which can eventually be combined together into one large pdf or book when we're "done".

Involvement in the development and promotion of this project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • volunteer to write (or help write) a design pattern document


PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Security Frameworks Project (home page)
Purpose: The OWASP Security Frameworks Project is a series of design patterns that can be used by language designers and architects to create secure frameworks for developers, thereby relieving developers of the work of implementing security themselves.
License: Creative Commons Attribution-ShareAlike 3.0
who is working on this project?
Project Leader(s):
  • Ari Elias-Bachrach @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Ari Elias-Bachrach @ to contribute to this project
  • Contact Ari Elias-Bachrach @ to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Security_Frameworks_Project&oldid=208764"