This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Assimilation Project"

From OWASP
Jump to: navigation, search
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
(First version of the project Summary)
Line 10: Line 10:
 
</span>
 
</span>
  
==OWASP Tool Project Template==
+
==OWASP Assimilation Project Summary==
<span style="color:#ff0000">
+
Many people compare securing systems against attackers as a form of warfare. In ''The Art of War'', Sun Tzu said "If you know your enemies and know yourself, you will not be imperiled in a hundred battles". The Assimilation helps you know yourself - your systems, networks, configurations in great detail, and then keeps it all that information ''continually'' up to date in a graph-based Configuration Management Database.
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.
 
</span>
 
  
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP ProjectsBy following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.
+
Here are a few of the kinds of things we track for you:
 +
* IP and MAC addresses
 +
* Services - including details on which ports, which binaries and what arguments, user id, group id, current directory
 +
* Client connections (same details as above)
 +
* Security-sensitive configuration details
 +
* Versions of packages
 +
* Checksums of network-facing binaries, libraries, and JARs.
 +
 
 +
This is all done in a [http://assimilationsystems.com/2015/04/14/scalability-from-doing-nothing/ highly scalable] way which cannot set off network security alarms and requires minimal human configuration.
 +
 
 +
In addition, we continually evaluate system configurations against best practices from the [http://ITBestPractices.info  IT Best Practices] project and compute risk scores for servers based on how they compare to security best practices. Since everything is stored in the [http://neo4j.org Neo4J] graph database, visualizations of things like your [http://assimilationsystems.com/2016/02/22/attack-surface/ attack surface] are natural and straightforward.
 +
 
 +
The project includes [http://assimilationsystems.com/2015/12/07/assimilation-event-api-overview/ event APIs] and [http://assimilationsystems.com/2014/04/02/new-command-line-queries-in-the-assimilation-software/ canned queries].
 +
 
 +
Future plans include:
 +
* Expanding the best practices we cover
 +
* Making it easy to see which machines are in need of security patches - take that into account with the security scores.
 +
* Taking better advantage of checksums - take that into account with security scores.
  
 
==Description==
 
==Description==

Revision as of 17:11, 22 February 2016

OWASP Project Header.jpg

Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.

OWASP Assimilation Project Summary

Many people compare securing systems against attackers as a form of warfare. In The Art of War, Sun Tzu said "If you know your enemies and know yourself, you will not be imperiled in a hundred battles". The Assimilation helps you know yourself - your systems, networks, configurations in great detail, and then keeps it all that information continually up to date in a graph-based Configuration Management Database.

Here are a few of the kinds of things we track for you:

  • IP and MAC addresses
  • Services - including details on which ports, which binaries and what arguments, user id, group id, current directory
  • Client connections (same details as above)
  • Security-sensitive configuration details
  • Versions of packages
  • Checksums of network-facing binaries, libraries, and JARs.

This is all done in a highly scalable way which cannot set off network security alarms and requires minimal human configuration.

In addition, we continually evaluate system configurations against best practices from the IT Best Practices project and compute risk scores for servers based on how they compare to security best practices. Since everything is stored in the Neo4J graph database, visualizations of things like your attack surface are natural and straightforward.

The project includes event APIs and canned queries.

Future plans include:

  • Expanding the best practices we cover
  • Making it easy to see which machines are in need of security patches - take that into account with the security scores.
  • Taking better advantage of checksums - take that into account with security scores.

Description

Continuous security verification. Our community creates best practices, translates them into code, and then our software continually verifies them in near real-time. This includes verification of the status of security patches.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the GNU GPL v3 License as published by the Free Software Foundation.

Project Resources

This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.

Installation Package

Source Code

What's New (Revision History)

Documentation

Wiki Home Page

Issue Tracker

Slide Presentation

Video

Project Leader

A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.

Project leader's name

Related Projects

This is where you can link to other OWASP Projects that are similar to yours.

Classifications

Project Type Files TOOL.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
Affero General Public License 3.0

News and Events

This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.

  • [12 Feb 2013] Support for Spanish is now available with this release.
  • [11 Jan 2014] The 1.0 stable version has been released! Thanks everyone for your feedback and code fixes that made this happen!
  • [18 Dec 2013] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
  • [20 Nov 2013] 1.0 Beta 2 Release is available for download. This release offers several bug fixes, a few performance improvements, and addressed all outstanding issues from a security audit of the code.
  • [30 Sep 2013] 1.0 Beta 1 Release is available for download. This release offers the first version with all of the functionality for a minimum viable product.

Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. The point of a document like this are the answers. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'

How can I participate in your project?

All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

Contributors

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. Be sure to provide a link to a complete list of all the amazing people in your project's community as well.

The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project were:

  • Colin Watson who created the OWASP Cornucopia project that the template was derived from
  • Chuck Cooper who edited the template to convert it from a documentation project to a Tool Project Template
  • YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES

Roadmap

There are a variety of roadmap-related artifacts on the project's Trello boards. You can find them here: https://trello.com/b/KKs4rI8g/assimilation-features-current-and-desired https://trello.com/b/98QrdEK1/issues-bugs https://trello.com/b/Vn6MtFMw/user-stories https://trello.com/b/OpaED3AT/assimilation-project https://trello.com/b/CqjvMapu/best-practices

You can also read more about the project's "current thinking" in the mailing list archives: http://lists.community.tummy.com/pipermail/assim-devel/ and http://lists.community.tummy.com/pipermail/assimilation/

Getting Involved

Involvement in the development and promotion of Assimilation Project is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:

Coding

Localization

Testing

Feedback

  • What do like?
  • What don't you like?
  • What features would you like to see prioritized on the roadmap?

This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern. Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.

The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager. Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: N/A
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
pending
last reviewed release
pending


other releases

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Assimilation_Project&oldid=209433"