Difference between revisions of "OWASP Zezengorri Code Project"
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...") |
(Edit) |
||
(32 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
− | | | + | | style="border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
+ | ==OWASP Code Library Project == | ||
+ | '''Zezengorri''' is a library that allows you to add security to your development IDE from day one. From the moment you decide to implement secure development to your projects. | ||
− | + | You can start either while designing your new projects or implement it in old projects. You can use it to detect vulnerabilities of your web server and the programming language even before starting the development parallel to the system development life circle. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==Description== | ==Description== | ||
− | + | Whenever developers, team leaders or project managers add security to a web application, the first question that comes to mind is which technologies will be implemented in the web project, what operating system is supported by the web server and on which version the server or database runs. For these reasons, OWASP defined a threat modeling document. | |
− | |||
− | |||
+ | This project '''Zezengorri''' is a code library is a downloadable package that adheres to the root of the web project, and from them this can, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if our website uses or not '''HSTS''', the versions of '''Chipset''' active, the use of '''SSL''' certificate for the web page among other securities characteristics important measure in the during the life cycle development software . Each of these item is display in a new web page in a list of item any show if is active or not, the version of the plugin and a web link. That links redirect to the '''CVE''' page and the '''CVE''' score of this item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort. | ||
− | + | Apart from detecting and resolving security issues, the recompiled information is also useful to project leaders who can use it to create risk-models for the websites they manage. | |
− | |||
− | |||
− | |||
− | |||
− | |||
==Licensing== | ==Licensing== | ||
− | |||
− | |||
− | |||
− | This program is free software: you can redistribute it and/or modify it under the terms of | + | This program is free software: you can redistribute it and/or modify it under the terms of these |
+ | * https://opensource.org/licenses/NPOSL-3.0 | ||
+ | * https://creativecommons.org/licenses/by/4.0/ | ||
+ | * https://opensource.org/licenses/Frameworx-1.0 | ||
+ | as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018. | ||
− | | | + | | style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" | |
== Project Resources == | == Project Resources == | ||
− | |||
− | |||
− | |||
− | [ | + | [Https://drive.google.com/file/d/0B6d-UqLnHsOnUTZLTXVLbEZyY0E/view?usp=sharing|Secure Applications Security in IT deparment] |
+ | |||
+ | [Https://drive.google.com/file/d/0B6d-UqLnHsOnSDlwQW5tNGRKMkxSblVWX1g0RHZuNTJjM2tV/view?usp=sharing|Source Applications Security using .Net] | ||
− | + | == Project Leader == | |
− | + | Project leader's name: | |
− | + | '''-Gustavo Nieves Arreaza''' | |
− | + | Volunteers : | |
− | + | '''-Lubyn Rodriguez(PM)''' | |
− | + | '''-Hernan Pantoja(Developer)''' | |
− | + | '''-Samuel Morales(Developer)''' | |
− | |||
− | |||
− | |||
− | + | '''-Manuel Heyers(Developer)''' | |
== Related Projects == | == Related Projects == | ||
− | + | Owasp Secure Coding Practiques | |
− | |||
− | |||
− | * [ | + | * [https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Qui ck_Reference_Guide/Releases/SCP_v2 Secure_Coding_Practices] |
− | * [ | + | * [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Owasp Zed Attack Framework] |
==Classifications== | ==Classifications== | ||
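Review bot: In the Licensing section, the added license list is followed by the unchanged tail "as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version", which no longer fits: the three added links point to opensource.org and creativecommons.org, and "version 3 of the License" has no single license to refer to. State which license applies to the library and drop the leftover tail. The two Project Resources links also put "|" between URL and label, where the Related Projects links in this hunk use a space, and the first Related Projects URL contains a space ("Qui ck_Reference_Guide") that will cut the link short.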
Line 81: | Line 59: | ||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]] |
|- | |- | ||
− | | | + | | rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]] |
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]] |
|- | |- | ||
− | | | + | | width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]] |
|- | |- | ||
− | | colspan="2" align="center" | + | | colspan="2" align="center" | |
|} | |} | ||
− | | | + | | style="padding-left:25px;width:200px;" valign="top" | |
== News and Events == | == News and Events == | ||
− | + | * '''[1 Nov 2017]''' Release Page Explain the Concept, with a white Paper | |
− | + | * '''[3 Apr 2018]''' The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos. | |
− | + | * '''[19 Aug 2018]''' 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated. | |
− | * [ | + | * Repository: [https://github.com/VascoArreaza/OWASPZezengorri] |
− | * [ | ||
− | |||
|} | |} | ||
=FAQs= | =FAQs= | ||
− | <!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--> | + | <!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->==How can I participate in our project?== |
− | + | If you have experience in web development using for example: Node.JS, C# or Java and are interested in learning about applications security please contact us via the official mail: '''gustavo.nievesarreaza@owasp.com''' | |
− | |||
− | |||
− | == | + | ==If I am not a programmer can I participate in our project?== |
− | + | Yes, you can certainly participate in the project if you are not a programmer or technician. The project needs different skills and expertise for different times during its development ,Currently we are looking for IT persons that are willing to investigate how implement and improve the security in applications. | |
− | + | We are looking right now people for make our: | |
− | |||
− | + | '''-QA''' | |
− | |||
− | + | '''-Marketing''' | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | '''-Development (using Node.Js and Python)''' | |
− | + | = Acknowledgements = | |
− | + | ==Volunteers== | |
− | |||
− | |||
− | |||
− | |||
− | = | ||
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--> | <!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--> | ||
− | + | The OWASP Security '''Zenzengorri''' Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here . | |
− | |||
− | |||
− | |||
− | + | The first contributors to the project are: | |
− | |||
− | |||
− | + | '''-Lubyn Rodriguez(PM)''' | |
− | |||
− | - | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | '''-Hernan Pantoja(Developer)''' | ||
+ | '''-Samuel Morales(Developer)''' | ||
+ | '''-Manuel Heyers(Developer)''' | ||
+ | = Road Map and Getting Involved = | ||
+ | <!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.--> | ||
==Roadmap== | ==Roadmap== | ||
− | As | + | As of '''''february'' , 2017, the highest priorities for the next 6 months''' are: |
− | |||
* Complete the first draft of the Code Project Template | * Complete the first draft of the Code Project Template | ||
* Get other people to review the Code Project Template and provide feedback | * Get other people to review the Code Project Template and provide feedback | ||
* Incorporate feedback into changes in the Code Project Template | * Incorporate feedback into changes in the Code Project Template | ||
− | * Finalize the Code Project template and have it reviewed to be promoted from an | + | * Finalize the Code Project template and have it reviewed to be promoted from an |
− | + | As of '''august , 2017, the highest priorities for the next 6 months''' are: | |
− | + | * Promote the library in conferences | |
− | + | * Get academic support | |
− | + | * Recruit more volunteers | |
− | + | As of '''march , 2018, the highest priorities for the next 6 months''' are: | |
− | * | + | * Release version of library 1.0 |
− | * | + | * Fundraise for growth the project |
− | </strong> | + | <strong></strong> |
==Getting Involved== | ==Getting Involved== | ||
− | |||
− | |||
− | |||
===Coding=== | ===Coding=== | ||
− | + | If you have experience in programming in Node.js or Python and you want programming tools for secure applications. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ===Testing=== | |
+ | Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help. | ||
− | |||
− | = | + | =Minimal Viable Product= |
− | + | ||
− | + | The functionalities of this code library are when it is downloaded and implemented. | |
− | + | -Detect vulnerabilities | |
− | + | -Compare vulnerabilities, with an updated database online. | |
− | + | -Ranking the severity of vulnerabilities | |
+ | -Show how fix the vulnerabilities | ||
+ | -Define you own security test in you own program language. | ||
− | + | = Media = | |
+ | -How Implement secure applications in IT: [[File:SDLC y Owasp English.pdf|thumb]] | ||
+ | -Secure you part of the Deal: [[File:Clouds Security and OWASP.pdf|thumb]] | ||
− | __NOTOC__ <headertabs /> | + | __NOTOC__ <headertabs>Media</headertabs> |
− | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Code]] | + | [[Category:OWASP Project]] |
+ | [[Category:OWASP_Builders]] | ||
+ | [[Category:OWASP_Defenders]] | ||
+ | [[Category:OWASP_Code]] |
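Review bot: In the Volunteers section the project is named "Zenzengorri", while the page title and the Main tab use "Zezengorri"; settle on one spelling. In the same sentence, "is found here ." has no link target. In the Roadmap, the fourth February 2017 item stops at "promoted from an" without saying from what to what, and that list still refers to the "Code Project Template" rather than this library.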
Latest revision as of 14:22, 14 October 2019
OWASP Code Library Project
Zezengorri is a library that lets you add security to your development IDE from day one, from the moment you decide to implement secure development in your projects. You can start while designing new projects or apply it to old ones. You can use it to detect vulnerabilities in your web server and programming language even before development starts, in parallel with the system development life cycle.
Description
Whenever developers, team leaders or project managers add security to a web application, the first questions that come to mind are which technologies will be implemented in the web project, which operating system the web server supports, and which version the server or database runs. For these reasons, OWASP defined a threat modeling document.
Zezengorri is a code library, a downloadable package that attaches to the root of the web project. From there it analyzes the project and seeks to collect, in a simple web page, the characteristics of all the security components, for example: whether or not the website uses HSTS, the versions of Chipset that are active, and the use of an SSL certificate for the web page, among other security characteristics that are important to measure during the software development life cycle. Each of these items is displayed in a new web page as a list entry that shows whether the item is active or not, the version of the plugin, and a web link. That link redirects to the CVE page and the CVE score of the item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.
Apart from detecting and resolving security issues, the collected information is also useful to project leaders, who can use it to create risk models for the websites they manage.
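The kind of check the description mentions (whether a site uses HSTS, and which component version is running), shown as an added Node.js example. It is not Zezengorri code: the function names parseHsts and buildReport, the row fields and the sample headers are assumptions made for this illustration.

```javascript
'use strict';
// Added example (not Zezengorri code); all names are hypothetical.

// Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
// Returns null when malformed, in which case browsers ignore the header.
function parseHsts(value) {
  const seen = new Map();
  for (const part of String(value).split(';')) {
    const token = part.trim();
    if (token === '') continue; // empty directives are allowed
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : token.slice(eq + 1).trim();
    if (val !== null && /^".*"$/.test(val)) val = val.slice(1, -1); // quoted-string
    if (seen.has(name)) return null; // each directive may appear only once
    seen.set(name, val);
  }
  const maxAge = seen.get('max-age');
  if (maxAge == null || !/^\d+$/.test(maxAge)) return null; // max-age is required
  return {
    maxAge: Number(maxAge),
    includeSubDomains: seen.has('includesubdomains'),
    preload: seen.has('preload'),
  };
}

// One row per security item: active or not, plus version where known.
function buildReport(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const raw = h['strict-transport-security'];
  const hsts = raw ? parseHsts(raw) : null;
  const rows = [{
    item: 'HSTS',
    // max-age=0 tells the browser to drop the policy, so it counts as inactive
    active: hsts !== null && hsts.maxAge > 0,
    detail: hsts ? `max-age=${hsts.maxAge}` : 'missing or malformed',
  }];
  // A "product/version" token is what would be looked up in a CVE database
  const m = /^([A-Za-z][\w.-]*)\/(\d[\w.]*)/.exec(h['server'] || '');
  rows.push({ item: 'Server', active: m !== null,
    product: m ? m[1] : null, version: m ? m[2] : null });
  return rows;
}

// Constructed sample response headers
const SAMPLE = { 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  Server: 'nginx/1.14.0' };
console.log(buildReport(SAMPLE));
```

A header that is present but malformed, or that carries max-age=0, is reported as inactive, which a plain "header exists" test would miss.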
Licensing
This program is free software: you can redistribute it and/or modify it under the terms of these
- https://opensource.org/licenses/NPOSL-3.0
- https://creativecommons.org/licenses/by/4.0/
- https://opensource.org/licenses/Frameworx-1.0
as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.
Project Resources
Applications Security in IT department
Applications Security using .Net
Project Leader
Project leader's name:
-Gustavo Nieves Arreaza
Volunteers:
-Lubyn Rodriguez(PM)
-Hernan Pantoja(Developer)
-Samuel Morales(Developer)
-Manuel Heyers(Developer)
Related Projects
OWASP Secure Coding Practices
Classifications
Incubator Project, Builders, Defenders
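News and Events
- [1 Nov 2017] Released a page explaining the concept, with a white paper
- [3 Apr 2018] The Inacap Institute and its students also start to participate in OWASP Zezengorri: https://www.inacap.cl/tportalvp/alumnos
- [19 Aug 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
- Repository: https://github.com/VascoArreaza/OWASPZezengorri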
How can I participate in our project?
If you have experience in web development using, for example, Node.js, C# or Java and are interested in learning about application security, please contact us via the official mail: gustavo.nievesarreaza@owasp.com
If I am not a programmer can I participate in our project?
Yes, you can certainly participate in the project if you are not a programmer or technician. The project needs different skills and expertise at different times during its development. Currently we are looking for IT people who are willing to investigate how to implement and improve security in applications.
We are currently looking for people to handle our:
-QA
-Marketing
-Development (using Node.Js and Python)
Volunteers
The OWASP Security Zezengorri Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here.
The first contributors to the project are:
-Lubyn Rodriguez(PM)
-Hernan Pantoja(Developer)
-Samuel Morales(Developer)
-Manuel Heyers(Developer)
Roadmap
As of February 2017, the highest priorities for the next 6 months are:
- Complete the first draft of the Code Project Template
- Get other people to review the Code Project Template and provide feedback
- Incorporate feedback into changes in the Code Project Template
- Finalize the Code Project template and have it reviewed to be promoted from an
As of August 2017, the highest priorities for the next 6 months are:
- Promote the library in conferences
- Get academic support
- Recruit more volunteers
As of March 2018, the highest priorities for the next 6 months are:
- Release version 1.0 of the library
- Fundraise to grow the project
Getting Involved
Coding
If you have experience in programming in Node.js or Python and you want programming tools for secure applications.
Testing
Do you have a flair for finding bugs in software? We want to produce a high-quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.
Once downloaded and implemented, this code library provides the following functionality:
- Detect vulnerabilities
- Compare vulnerabilities with an up-to-date online database
- Rank the severity of vulnerabilities
- Show how to fix the vulnerabilities
- Define your own security tests in your own programming language
Media:
- How to implement secure applications in IT: File:SDLC y Owasp English.pdf
- Secure your part of the deal: File:Clouds Security and OWASP.pdf