This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Java Project WIPRO 1 2015"

From OWASP
Jump to: navigation, search
m
m
 
(36 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{taggedDocument
 +
| type=delete
 +
| comment=Tagged via fixme/delete.
 +
}}
 +
 
<div style="width:100%;border:0,margin:0;overflow: hidden;">[[File:OWASP_Java_Project_Header.png|link=]]</div>
 
<div style="width:100%;border:0,margin:0;overflow: hidden;">[[File:OWASP_Java_Project_Header.png|link=]]</div>
 
<br>
 
<br>
Line 4: Line 9:
 
<center>
 
<center>
 
<p style="font-size: 1.8em;">Wiki Pages Review Operation - 2015/2016</p>
 
<p style="font-size: 1.8em;">Wiki Pages Review Operation - 2015/2016</p>
[[OWASP Java Project]]
 
 
</center>
 
</center>
  
Line 14: Line 18:
 
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;width:100%" |
 
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;width:100%" |
  
...
+
91 Pages in category "OWASP Java Pages" have to be reviewed. We use a Google Document where every person interested can let opinions, comments and suggestions. Even reviewing one single page is welcome.  
 +
 
 +
Shared Google document used to comment and review:
 +
 
 +
https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing
 +
 
  
  
Line 20: Line 29:
  
 
== Team ==
 
== Team ==
 
Coordination: [https://www.owasp.org/index.php/User:imifos Tasha CARL]
 
  
 
<br/>
 
<br/>
Line 42: Line 49:
 
==Classifications==
 
==Classifications==
  
 +
<!--
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
Line 53: Line 61:
 
   | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
 
   | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
 
   |}
 
   |}
 +
-->
  
 
|}
 
|}
 +
 +
 +
= Pages List =
 +
 +
Shared Google document used to write reviews:
 +
 +
https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing
 +
 +
 +
{| class="wikitable"
 +
! Page
 +
! Status
 +
! Review
 +
! Operations
 +
|-
 +
|[[Bytecode obfuscation]]
 +
|
 +
| Outdated but interesting to keep, marked for review. https://www.owasp.org/index.php/Talk:Bytecode_obfuscation
 +
|
 +
|-
 +
|[[Captchas in Java ]]
 +
|
 +
|Updated and not of interest. Marked for deletion.
 +
|DELETED BY ADMIN
 +
|-
 +
|[[Clickjacking Protection for Java EE]]
 +
|
 +
|Flagged for deletion, reason stated on page.
 +
|DELETED BY ADMIN
 +
|-
 +
|[[Command injection in Java]]
 +
|
 +
|Marked for review.
 +
|
 +
|-
 +
|[[Comparing classes by name ]]
 +
|
 +
|Marked for review
 +
|
 +
|-
 +
|[[Complejidad Y Longitud De Las Contraseñas ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Content Security Policy ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[CORS OriginHeaderScrutiny]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[CORS RequestPreflighScrutiny]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Cross-site Scripting (XSS) ]]
 +
|
 +
| Looks updated
 +
| NO ACTION TAKEN, I: Removed Java tag since it's not really a Java specific isue and only an example was written usign JSP.
 +
|-
 +
|[[Declarative Access Control in Java]]
 +
|
 +
|gone
 +
|Deleted by admin
 +
|-
 +
|[[Decompiling Java bytecode]]
 +
|
 +
|
 +
| DELETED
 +
|-
 +
|[[Deserialization of untrusted data]]
 +
|
 +
| Looks legit
 +
| Looks legit
 +
|-
 +
|[[Detect profiling phase into web application]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Exception handling techniques ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Failure to follow guideline/specification ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Hacking Java Clients ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Hashing Java]]
 +
| UNDER REVIEW
 +
| Updated by Mark Gordon. Thank you!
 +
| No action needed
 +
|-
 +
|[[Hibernate]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Hibernate-Guidelines ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[How to add validation logic to HttpServletRequest]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[How to encrypt a properties file ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Implementacion De Firmas Digitales en Java]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Improper Data Validation]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Improper temp file opening ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Information Leakage]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Insecure Randomness]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Insecure Transport]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Insufficient Session-ID Length]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Invoking untrusted mobile code]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Inyección De Comandos En Java ]]
 +
|
 +
|Should we keep the 2 spanish pages? A translation is of course a good thing, but we have only 2 pages whose quality we cannot verify.
 +
|
 +
|-
 +
|[[J2EE Misconfiguration: Unsafe Bean Declaration]]
 +
|
 +
|J2EE is completely outdated and only used in old legacy installation. No new projects are based on this environment. Moreover the page does not contain any useful information. Marked for deletion.
 +
|
 +
|-
 +
|[[J2EE third party libraries insecurity]]
 +
|
 +
|See above. Propose to delete the page since it's not referenced by any other wiki page anymore.
 +
| redirected to dependency check
 +
|-
 +
|[[JAAS Timed Login Module ]]
 +
|
 +
|
 +
| Deleted
 +
|-
 +
|[[JAAS Tomcat Login Module]]
 +
|
 +
|
 +
| Deleted
 +
|-
 +
|[[Java Project Article Wishlist ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Java Security Frameworks]]
 +
|
 +
|
 +
| Merged into category page
 +
|-
 +
|[[Java Security Resources ]]
 +
|
 +
|
 +
| Merged into category page
 +
|-
 +
|[[Java Server Faces ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[JSP errorPage]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[JSP JSTL ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Leftover Debug Code]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Log Forging ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Logout]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Member Field Race Condition]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Missing Error Handling]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Mobile Java Security ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Null Dereference]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Object Model Violation: Just One of equals() and hashCode() Defined]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Often Misused: Authentication ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Overly-Broad Catch Block]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Overly-Broad Throws Declaration]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[OWASP CSRFGuard Project/es ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[OWASP Java Table of Contents]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Parameter Validation Filter]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Password length & complexity]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Password Management: Hardcoded Password]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Password Management: Weak Cryptography ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Password Plaintext Storage ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[PDF Attack Filter for Java EE ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Poor Logging Practice]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Preventing LDAP Injection in Java]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Preventing SQL Injection in Java ]]
 +
|
 +
|
 +
|redirected to sqlI cheatsheet
 +
|-
 +
|[[Process Control]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Protecting code archives with digital signatures]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Reflection attack in an auth protocol]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Return Inside Finally Block]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Securing tomcat]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Servlet spec - web.xml]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Session Fixation]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Session Timeout]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Signing jar files with jarsigner ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[State synchronization error]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Struts]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Struts Validation in an ActionForm]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Struts Validation in validator.xml using an ActionForm]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Struts XSLT Viewer]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Traducción Español]]
 +
|
 +
|
 +
|(See spanish page above)
 +
|-
 +
|[[Trust Boundary Violation]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Trustworthy Java]]
 +
|
 +
|
 +
| Delete
 +
|-
 +
|[[Uncaught exception]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Unchecked Return Value: Missing Check against Null ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Unreleased Resource]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Unsafe JNI]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Unsafe Mobile Code]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Unsafe Reflection ]]
 +
|cleaned, extended
 +
|useful code examples
 +
|marked to be merged with another page on the subject
 +
|-
 +
|[[Using JCaptcha ]]
 +
|
 +
|
 +
| deleted
 +
|-
 +
|[[Using the Java Cryptographic Extensions]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[Using the Java Secure Socket Extensions]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[XPATH Injection Java ]]
 +
|
 +
|
 +
|
 +
|-
 +
|[[OWASP's_ESAPI_Wiki_for_Java!]]
 +
| Check Project Status
 +
|
 +
| The entire ESAPI For Java project needs a review. In progress on ML.
 +
|}
 +
 +
Shared Google document used to write reviews:
 +
 +
https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing
  
 
=About=
 
=About=
Line 66: Line 549:
 
| project_description =  
 
| project_description =  
 
| project_license =
 
| project_license =
| leader_name1 = Tasha CARL
+
| leader_name1 =  
| leader_email1 = [email protected]
+
| leader_email1 =  
| leader_username1 = imifos
+
| leader_username1 =  
 
| contributor_name1 =  
 
| contributor_name1 =  
 
| contributor_email1 =  
 
| contributor_email1 =  
Line 83: Line 566:
  
 
<br/>
 
<br/>
 
[[Category:OWASP Java Project]]
 

Latest revision as of 21:56, 10 November 2017

This page has been recommended for deletion.
You can help OWASP by improving it or discussing it on its Talk page. See FixME
Comment: Tagged via fixme/delete.
OWASP Java Project Header.png


Wiki Pages Review Operation - 2015/2016


91 Pages in category "OWASP Java Pages" have to be reviewed. We use a Google Document where every person interested can let opinions, comments and suggestions. Even reviewing one single page is welcome.

Shared Google document used to comment and review:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing


Team


Meta

  • Start: 12/2015
  • Last Update: 12/2015


Other Resources

N/A


Classifications


Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing


Page Status Review Operations
Bytecode obfuscation Outdated but interesting to keep, marked for review. https://www.owasp.org/index.php/Talk:Bytecode_obfuscation
Captchas in Java Updated and not of interest. Marked for deletion. DELETED BY ADMIN
Clickjacking Protection for Java EE Flagged for deletion, reason stated on page. DELETED BY ADMIN
Command injection in Java Marked for review.
Comparing classes by name Marked for review
Complejidad Y Longitud De Las Contraseñas
Content Security Policy
CORS OriginHeaderScrutiny
CORS RequestPreflighScrutiny
Cross-site Scripting (XSS) Looks updated NO ACTION TAKEN, I: Removed Java tag since it's not really a Java specific isue and only an example was written usign JSP.
Declarative Access Control in Java gone Deleted by admin
Decompiling Java bytecode DELETED
Deserialization of untrusted data Looks legit Looks legit
Detect profiling phase into web application
Exception handling techniques
Failure to follow guideline/specification
Hacking Java Clients
Hashing Java UNDER REVIEW Updated by Mark Gordon. Thank you! No action needed
Hibernate
Hibernate-Guidelines
How to add validation logic to HttpServletRequest
How to encrypt a properties file
Implementacion De Firmas Digitales en Java
Improper Data Validation
Improper temp file opening
Information Leakage
Insecure Randomness
Insecure Transport
Insufficient Session-ID Length
Invoking untrusted mobile code
Inyección De Comandos En Java Should we keep the 2 spanish pages? A translation is of course a good thing, but we have only 2 pages whose quality we cannot verify.
J2EE Misconfiguration: Unsafe Bean Declaration J2EE is completely outdated and only used in old legacy installation. No new projects are based on this environment. Moreover the page does not contain any useful information. Marked for deletion.
J2EE third party libraries insecurity See above. Propose to delete the page since it's not referenced by any other wiki page anymore. redirected to dependency check
JAAS Timed Login Module Deleted
JAAS Tomcat Login Module Deleted
Java Project Article Wishlist
Java Security Frameworks Merged into category page
Java Security Resources Merged into category page
Java Server Faces
JSP errorPage
JSP JSTL
Leftover Debug Code
Log Forging
Logout
Member Field Race Condition
Missing Error Handling
Mobile Java Security
Null Dereference
Object Model Violation: Just One of equals() and hashCode() Defined
Often Misused: Authentication
Overly-Broad Catch Block
Overly-Broad Throws Declaration
OWASP CSRFGuard Project/es
OWASP Java Table of Contents
Parameter Validation Filter
Password length & complexity
Password Management: Hardcoded Password
Password Management: Weak Cryptography
Password Plaintext Storage
PDF Attack Filter for Java EE
Poor Logging Practice
Preventing LDAP Injection in Java
Preventing SQL Injection in Java redirected to sqlI cheatsheet
Process Control
Protecting code archives with digital signatures
Reflection attack in an auth protocol
Return Inside Finally Block
Securing tomcat
Servlet spec - web.xml
Session Fixation
Session Timeout
Signing jar files with jarsigner
State synchronization error
Struts
Struts Validation in an ActionForm
Struts Validation in validator.xml using an ActionForm
Struts XSLT Viewer
Traducción Español (See spanish page above)
Trust Boundary Violation
Trustworthy Java Delete
Uncaught exception
Unchecked Return Value: Missing Check against Null
Unreleased Resource
Unsafe JNI
Unsafe Mobile Code
Unsafe Reflection cleaned, extended useful code examples marked to be merged with another page on the subject
Using JCaptcha deleted
Using the Java Cryptographic Extensions
Using the Java Secure Socket Extensions
XPATH Injection Java
OWASP's_ESAPI_Wiki_for_Java! Check Project Status The entire ESAPI For Java project needs a review. In progress on ML.

Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

OWASP Java and JVM Project - Wiki Pages Review Operation 1 - 2015/2016



PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Java Project WIPRO 1 - 2015/2016
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases



Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Java_Project_WIPRO_1_2015&oldid=235310"