This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Guide Project"

From OWASP
Jump to: navigation, search
(2014 Planning)
(Milestone 1 - April 30, 2014)
Line 179: Line 179:
 
* Working out strengths & responsibilities
 
* Working out strengths & responsibilities
  
==Milestone 1 - April 30, 2014==
+
==Milestone 1 - ==
 
 
* [https://github.com/OWASP/DevGuide/wiki/Authentication Authentication] - AJV
 
* [https://github.com/OWASP/DevGuide/wiki/Session-Management Session management]
 
* [https://github.com/OWASP/DevGuide/wiki/Access-control Access control]
 
* [https://github.com/OWASP/DevGuide/wiki/Input-validation-and-output-encoding Input validation and output encoding]
 
* [https://github.com/OWASP/DevGuide/wiki/Cryptography Cryptography] - Kevin Wall
 
* [https://github.com/OWASP/DevGuide/wiki/Data-protection Data Protection]
 
  
 
==Milestone 2 - July 20, 2014==
 
==Milestone 2 - July 20, 2014==

Revision as of 03:31, 16 June 2015

Lab big.jpg

OWASP Developer Guide

The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP's first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering.

Introduction

The OWASP Developer Guide is the original OWASP project. It was first published in 2002, when Ajax was only a mote in Microsoft's eye with the new e-mail notification in Outlook Web Access (and only if you used Internet Explorer). Since then, the web has come a long way. Unfortunately, the Developer Guide never really took off with the intended audience: developers. The original Guide was more a how to perform a web application penetration test, material now better covered in the OWASP Testing Guide .

The Developer Guide 2014 is a "first principles" book - it's not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security.

The major themes in the Developer Guide include:

  • Foundation
  • Architecture
  • Design
  • Build
  • Configure
  • Operate

We are re-factoring the original material from the Developer Guide 2.0, released in July 2005, and bring it into the modern world, and focus it tightly on modern web apps that use Ajax and RESTful API, and of course, mobile applications. All testing material will move to the OWASP Testing Guide and all code review material to the OWASP Code Review Guide.

Intended audience

The primary audience for the new version of the Developer Guide is Architects and Developers. The Developer Guide can still be used by penetration testers who want to move up to software verification or improve their craft, but the primary focus will become how to implement secure software from first principles.

Presentation

  • TBA

Project Leader

Related Projects

Ohloh

Licensing

OWASP Developer Guide is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Quick Download

We are developing the Guide in the open on GitHub.

All versions of the Developer Guide are also there for historical purposes.

Please come join us there and help write the next edition!

News and Events

  • [1 Feb 2014] New OWASP document template installed

In Print

Version 2.0.1 can be purchased for historical research on Lulu.com:


Classifications

Owasp-flagship-icon.jpg
Owasp-builders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg