This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Security Frameworks Project"
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...") |
(added some text, cleanup) |
||
| Line 12: | Line 12: | ||
==Introduction== | ==Introduction== | ||
| − | + | Providing a secure environment to a developer will lead to a more secure final product. Developers need to work in an environment which is secure by default and which relieves them of the burden of implementing their own security controls. That task often falls to the developers who create languages, or enterprise architects. We aim to create a library of design patterns and instructions that should be implemented by architects to create secure languages and environments for developers. | |
==Description== | ==Description== | ||
| − | + | The project aims to provide language independent advice targeted at enterprise architects and people who design programming languages. The intent is to make security functionality a part of the framework that a developer builds upon, so that the developer doesn't have to implement their own security functions. The ultimate goal is to have as much security as possible built into the programming environment so that developer mistakes and omissions are less likely to lead to security vulnerabilities. | |
==Licensing== | ==Licensing== | ||
| Line 59: | Line 59: | ||
== News and Events == | == News and Events == | ||
| − | * [ | + | * [22 Nov 2014] Project initiated |
| − | |||
| Line 105: | Line 104: | ||
As of February 2014, the priorities are: | As of February 2014, the priorities are: | ||
| − | The plan is to develop a series of documents that cover the various features an architecture should provide. | + | The plan is to develop a series of documents that cover the various features an architecture should provide. We'll have a document on XSS prevention, database access, authentication, CSRF prevention, etc. Each one will contain the design patterns that should be implemented in order to provide those functions in a secure manner. They'll each be free standing documents which can eventually be combined together into one large pdf or book when we're "done". |
Involvement in the development and promotion of XXX is actively encouraged! | Involvement in the development and promotion of XXX is actively encouraged! | ||
Revision as of 05:03, 23 February 2014
OWASP Security FrameworksThe OWASP Security Frameworks Project is a series of design patterns that can be used by language designers and architects to create secure frameworks for developers, thereby relieving developers of the work of implementing security themselves. IntroductionProviding a secure environment to a developer will lead to a more secure final product. Developers need to work in an environment which is secure by default and which relieves them of the burden of implementing their own security controls. That task often falls to the developers who create languages, or enterprise architects. We aim to create a library of design patterns and instructions that should be implemented by architects to create secure languages and environments for developers. DescriptionThe project aims to provide language independent advice targeted at enterprise architects and people who design programming languages. The intent is to make security functionality a part of the framework that a developer builds upon, so that the developer doesn't have to implement their own security functions. The ultimate goal is to have as much security as possible built into the programming environment so that developer mistakes and omissions are less likely to lead to security vulnerabilities. LicensingThe OWASP Security Framework is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is the OWASP Security Frameworks Project?OWASP Security Frameworks Project provides:
PresentationLink to presentation
Project LeaderAri Elias-Bachrach
Related Projects
|
Quick Download
News and Events
In PrintThis project can be purchased as a print on demand book from Lulu.com
Classifications
| |||||||
- Q1
- A1
- Q2
- A2
Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of February 2014, the priorities are:
The plan is to develop a series of documents that cover the various features an architecture should provide. We'll have a document on XSS prevention, database access, authentication, CSRF prevention, etc. Each one will contain the design patterns that should be implemented in order to provide those functions in a secure manner. They'll each be free standing documents which can eventually be combined together into one large pdf or book when we're "done".
Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- xxx
- xxx
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
