This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Zezengorri Code Project"

From OWASP
Jump to: navigation, search
(Licensing)
(Edicion)
 
(24 intermediate revisions by the same user not shown)
Line 74: Line 74:
 
* '''[1 Nov 2017]'''  Release Page  Explain the Concept, with a white Paper
 
* '''[1 Nov 2017]'''  Release Page  Explain the Concept, with a white Paper
 
* '''[3 Apr 2018]''' The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos.
 
* '''[3 Apr 2018]''' The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos.
* '''[19 Aug 2018]''' 1.0  Release Candidate is available for download.  This release provides final bug fixes and product stabilization.  Any feedback (good or bad) in the next few weeks would be greatly appreciated.
+
* '''[19 Aug 2018]''' 1.0  Release Candidate is available for download.  This release provides final bug fixes and product stabilization.  Any feedback (good or bad) in the next few weeks would be greatly appreciated.  
 +
* Repository: [https://github.com/VascoArreaza/OWASPZezengorri]
  
 
|}
 
|}
Line 80: Line 81:
 
=FAQs=
 
=FAQs=
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->==How can I participate in our project?==
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->==How can I participate in our project?==
If you have experience in web development using for example: Node.JS, C# or Java and are interested in learning about applications security please contact us via the official mail: '''ing.arreaza@gmail.com'''  
+
If you have experience in web development using for example: Node.JS, C# or Java and are interested in learning about applications security please contact us via the official mail: '''gustavo.nievesarreaza@owasp.com'''  
  
 
==If I am not a programmer can I participate in our project?==
 
==If I am not a programmer can I participate in our project?==
Line 97: Line 98:
  
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
The  OWASP  Security  Zenzengorri  Principles  project  is  developed  by  a  worldwide  team  of volunteers.  A  live  update  of  project    contributors  is  found  here .
+
The  OWASP  Security  '''Zenzengorri'''   Principles  project  is  developed  by  a  worldwide  team  of volunteers.  A  live  update  of  project    contributors  is  found  here .
  
 
The  first  contributors  to  the  project  are:
 
The  first  contributors  to  the  project  are:
*
+
 
 +
'''-Lubyn Rodriguez(PM)'''
 +
 
 +
'''-Hernan Pantoja(Developer)'''
 +
 
 +
'''-Samuel Morales(Developer)'''
 +
 
 +
'''-Manuel Heyers(Developer)'''
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
Line 107: Line 115:
 
==Roadmap==
 
==Roadmap==
 
As of '''''february'' , 2017, the highest priorities for the next 6 months''' are: 
 
As of '''''february'' , 2017, the highest priorities for the next 6 months''' are: 
 +
* Complete the first draft of the Code Project Template
 +
* Get other people to review the Code Project Template and provide feedback
 +
* Incorporate feedback into changes in the Code Project Template
 +
* Finalize the Code Project template and have it reviewed to be promoted from an
 +
As of '''august , 2017, the highest priorities for the next 6 months''' are:
 +
* Promote the library in conferences
 +
* Get academic support
 +
* Recruit more volunteers
 +
As of '''march , 2018, the highest priorities for the next 6 months''' are:
 +
* Release version of library 1.0
 +
* Fundraise for growth the project
 +
<strong></strong>
  
'''● Complete the first draft of the Code Project Template'''
 
 
'''● Get other people to review the Code Project Template and provide feedback'''
 
 
'''● Incorporate feedback into changes in the Code Project Template'''
 
 
'''● Finalize the Code Project template and have it reviewed to be promoted from an'''
 
 
'''Incubator Project to a Lab Project'''
 
 
As of march , 2017, the highest priorities for the next 6 months are:
 
 
'''Release version of library 1.0'''
 
 
'''● Promote the library in conferences'''
 
 
'''● Get academic support'''
 
 
'''● Recruit more volunteers'''
 
 
Subsequent Releases will add
 
 
·        Internationalization Support
 
 
·        Additional Unit Tests
 
 
·        Automated Regression tests<strong></strong><strong>
 
 
==Getting Involved==
 
==Getting Involved==
Involvement  in  the  development  and  promotion  of    Code  Project  Template    is  actively encouraged.  Some  of  the  ways  you  can  help  are  as  follows:
 
  
 
===Coding===
 
===Coding===
We  could  implement  some  of  the  later  items  on  the  roadmap  sooner  if  someone  wanted  to  help out  with  unit  or  automated  regression  tests
+
If you have experience in programming in Node.js or Python and you want programming tools for secure applications.
===Localization===
 
Are  you   fluent  in   another  language?  Can  you   help  translate  the  text  strings  in  the    Code  Project Template    into  that  language?
 
  
German French Russian Portuguese
 
  
 
===Testing===
 
===Testing===
 
Do  you  have  a  flair  for  finding  bugs  in  software?  We  want  to  product  a  high  quality  product,  so any  help  with  Quality  Assurance  would  be  greatly  appreciated.  Let  us  know  if  you  can  offer  your help.
 
Do  you  have  a  flair  for  finding  bugs  in  software?  We  want  to  product  a  high  quality  product,  so any  help  with  Quality  Assurance  would  be  greatly  appreciated.  Let  us  know  if  you  can  offer  your help.
===Feedback===
+
 
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Code_Project_Template Code Project Template project mailing list] for feedback about:
 
<ul>
 
<li>What do like?</li>
 
<li>What don't you like?</li>
 
<li>What features would you like to see prioritized on the roadmap?</li>
 
</ul>
 
  
 
=Minimal Viable Product=
 
=Minimal Viable Product=
The   functionalities   of   this   code   library   are   when   it   is   downloaded   and   implemented.
+
 +
The functionalities of this code library are when it is downloaded and implemented.
 +
-Detect vulnerabilities
 +
-Compare vulnerabilities, with an updated database online.
 +
-Ranking the severity of vulnerabilities
 +
-Show how fix the vulnerabilities
 +
-Define you own security test in you own program language.
  
-Detect  vulnerabilities
+
= Media =
 
 
-Relate  vulnerabilities,  with  an  updated  database  online. -Ranking  the  severity  of  vulnerabilities  with  their  criticality. -Describe  solutions  for  fix  the  vulnerabilities
 
 
 
-Help  with  the  implementation  of  classes  and  functions  to  implement  secure development
 
 
 
=Project About=
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
The  functionalities  of  this  code  library  are  when  it  is  downloaded  and  implemented.
 
* -Detect  vulnerabilities
 
* -Relate  vulnerabilities,  with  an  updated  database  online.
 
* -Ranking  the  severity  of  vulnerabilities  with  their  critical.
 
* -Describe  solutions  for  fix  the  vulnerabilities
 
* -Help  with  the  implementation  of  classes  and  functions  to  implement  secure development
 
* Teach  about  secure  coding  subject  to  developer  team
 
{{:Projects/OWASP_Example_Project_About_Page}}
 
  
 +
-How Implement secure applications in IT: [[File:SDLC y Owasp English.pdf|thumb]]
 +
-Secure you part of the Deal: [[File:Clouds Security and OWASP.pdf|thumb]]
  
__NOTOC__ <headertabs></headertabs>  
+
__NOTOC__ <headertabs>Media</headertabs>
  
 
[[Category:OWASP Project]]   
 
[[Category:OWASP Project]]   

Latest revision as of 14:22, 14 October 2019

OWASP Project Header.jpg

OWASP Code Library Project

Zezengorri is a library that allows you to add security to your development IDE from day one. From the moment you decide to implement secure development to your projects.

You can start either while designing your new projects or implement it in old projects. You can use it to detect vulnerabilities of your web server and the programming language even before starting the development parallel to the system development life circle.

Description

Whenever developers, team leaders or project managers add security to a web application, the first question that comes to mind is which technologies will be implemented in the web project, what operating system is supported by the web server and on which version the server or database runs. For these reasons, OWASP defined a threat modeling document.

This project Zezengorri is a code library is a downloadable package that adheres to the root of the web project, and from them this can, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if our website uses or not HSTS, the versions of Chipset active, the use of SSL certificate for the web page among other securities characteristics important measure in the during the life cycle development software . Each of these item is display in a new web page in a list of item any show if is active or not, the version of the plugin and a web link. That links redirect to the CVE page and the CVE score of this item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.

Apart from detecting and resolving security issues, the recompiled information is also useful to project leaders who can use it to create risk-models for the websites they manage.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of these

as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.

Project Resources

Applications Security in IT deparment

Applications Security using .Net

Project Leader

Project leader's name:

-Gustavo Nieves Arreaza

Volunteers :

-Lubyn Rodriguez(PM)

-Hernan Pantoja(Developer)

-Samuel Morales(Developer)

-Manuel Heyers(Developer)

Related Projects

Owasp Secure Coding Practiques

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png

News and Events

  • [1 Nov 2017] Release Page Explain the Concept, with a white Paper
  • [3 Apr 2018] The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos.
  • [19 Aug 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
  • Repository: [1]
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Zezengorri_Code_Project&oldid=255438"