This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "User talk:Amber Marfatia"
(→Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework): new section) |
|||
| Line 1: | Line 1: | ||
| − | '''Welcome to ''OWASP''!''' | + | '''Welcome to ''OWASP''!''' We hope you will contribute much and well. You will probably want to read the [[Help:Contents|help pages]]. Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC) |
| − | We hope you will contribute much and well. | ||
| − | You will probably want to read the [[Help:Contents|help pages]]. | ||
| − | Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC) | ||
| − | == | + | == Purpose of the framework - Enhancing Security Options Framework (ESOP Framework) == |
Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities: | Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities: | ||
Revision as of 06:48, 18 March 2011
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 17:15, 31 January 2011 (UTC)
Purpose of the framework - Enhancing Security Options Framework (ESOP Framework)
Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities:
1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Session hacking
6. Denial of service (DoS) attacks
7. Eavesdropping /Sniffing/ Phishing
8. Identity Spoofing
9. Man-in-the-Middle Attacks
10. Username enumeration
1. Instrumentation & Audits for:
2. Critical Business Areas
3. User Management
4. Un-usual activities
5. Interfaces Integrations
11. IIS Tweaks
12. Password Policy
Road map for achieving the said framework is provided in the next section.
