This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Java Project"

From OWASP
Jump to: navigation, search
m (Tools Chain)
m
Line 161: Line 161:
  
 
= Project Pages =
 
= Project Pages =
 
== Wiki Pages Review Operation 1 2015/2016 ==
 
 
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
 
 
<br/>
 
 
<br/>
 
  
 
== Tools Chain ==
 
== Tools Chain ==
  
[[OWASP_SonarQube_Project|OWASP SonarQube Project]]  
+
{| class="wikitable"
 
+
| [[OWASP_SonarQube_Project|OWASP SonarQube Project]]
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported.
+
| Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported.
 
+
| /
[[OWASP_Dependency_Check|OWASP Dependency Check]]
+
|-
 +
| [[OWASP_Dependency_Check|OWASP Dependency Check]]
 +
| Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported.
 +
| /
 +
|}
  
 
<br/>
 
<br/>
Line 221: Line 217:
  
 
== Retired, Inactive or Outdated Projects ==
 
== Retired, Inactive or Outdated Projects ==
 
  
 
{| class="wikitable"
 
{| class="wikitable"
!
+
| [[https://www.owasp.org/index.php/OWASP_ESAPI#tab=Downloads|OWASP ESAPI Project Java Implementation]]
! Name
 
! Comment
 
! URLs
 
|-
 
| -
 
| OWASP ESAPI Project Java Implementation  
 
 
| The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes.
 
| The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes.
| [[https://www.owasp.org/index.php/OWASP_ESAPI#tab=Downloads|Project Page]], [[https://owasp-esapi.atlassian.net/projects/ESAPILEG/issues/ESAPILEG-309?filter=allopenissues|Bug Tracker]]
+
| [[https://owasp-esapi.atlassian.net/projects/ESAPILEG/issues/ESAPILEG-309?filter=allopenissues|Bug Tracker]]
 
|}
 
|}
  
Line 279: Line 268:
 
Work load is not the only outcome when participating in open projects. You are getting a lot of things back: recognition, satisfaction, knowledge and contacts, sometime friends.  
 
Work load is not the only outcome when participating in open projects. You are getting a lot of things back: recognition, satisfaction, knowledge and contacts, sometime friends.  
  
Sounds cool? Then jump in…
+
Sounds cool? Then jump in...
  
 
To get involved join the mailing list, follow this link: [http://lists.owasp.org/mailman/listinfo/java-project OWASP Java and JVM Mailing List]
 
To get involved join the mailing list, follow this link: [http://lists.owasp.org/mailman/listinfo/java-project OWASP Java and JVM Mailing List]

Revision as of 10:32, 22 December 2015

OWASP Java Project Header.png

About

The OWASP Java™ and JVM Project is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of the project is on guidance for developers and architects using Java frameworks and JVM based technologies for web application development, on OWASP components that use Java and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security related guidance for system administrators managing Java and JVM based applications and tools.

The project is not limited to Java. It aims to also address topics around the JVM in general.

Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.

Purpose

  • Provide deep, rich guidance for Java developers in using the security features of Java and of Java frameworks.
  • Address security in relation to the Java Virtual Machine and derived technologies.
  • Guide system administrators in managing Java and JVM related components and applications.
  • Create guidance for use of OWASP components that are designed for use with Java or other JVM languages.
  • Focus on information about working with and on OWASP tools built using Java or other JVM technologies.
  • Provide a stream of security related information, like vulnerabilities and security patches, related to the Java and JVM universe.
  • Build an ecosystem allowing to all actors interested to discuss, share and learn.


Licensing

OWASP Java™ Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Oracle® and Java™ are trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.


What's Hot!

See the "Tasks and Roadmap" tab for more information.

Wiki Pages Review Operation - 2015/2016


Team

Lead: Tasha CARL


Meta

Last Update: 12/2015


Other Resources

Mailing List

Twitter (Java)

GitHub (Java)

GitHub (OWASP)


Related Projects

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg






Tools Chain

OWASP SonarQube Project Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported. /
OWASP Dependency Check Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported. /



Libraries

OWASP Java HTML Sanitizer

OWASP Java Encoder Project



Documents

OWASP Secure Coding Practices - Quick Reference Guide

OWASP Codes of Conduct

OWASP Cheat Sheets Series

OWASP Testing Project

OWASP Web Top 10

OWASP Vulnerable Web Applications Directory



Pages to be reviewed or under review

Java Security Frameworks

OWASP_Java_Encoder_Project



Retired, Inactive or Outdated Projects

[ESAPI Project Java Implementation] The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes. [Tracker]



Ongoing Operations

Wiki Pages Review Operation - 2015/2016


Upcoming Operations

None at the moment. Everything is ongoing. If you have ideas for new operations, documentations, documents, projects, please drop a line on the mailing list or in a mail to project team.


Archived Operations

None at the moment.





There are many ways of getting involved in an OWASP Documentation projects.

The first step would be to establish contact with the project leaders and/or the entire team. This can be done using a direct and private message, or by joining the public mailing list to say hello.

When it comes to participating in project activities, everything depends on the time you are willing and able to invest. It is however very important to not jump into too many things at the beginning, later having to back out or to let unfinished things behind you. It is much better to start with small tasks, increasing intensity and investment over time.

Please also be patient with expecting the "merge" of your work into the existing project pages and code. As everywhere in live, trust has to be built-up.

The Java and Project has currently multiple tasks open, which can be found on the adequate section of this page. Note all tasks require a wiki account. Please take something you are interested in and start participating. Work load is not the only outcome when participating in open projects. You are getting a lot of things back: recognition, satisfaction, knowledge and contacts, sometime friends.

Sounds cool? Then jump in...

To get involved join the mailing list, follow this link: OWASP Java and JVM Mailing List






The previous version of this JAVA Project home page is archived here: OWASP Java Project Archive (8.2010)


The category 'Java' should not be employed. Please use the category '[[Category:OWASP_Java_Project]]' instead.

Java
  Bytecode obfuscation
  Command injection in Java
  Complejidad Y Longitud De Las Contraseñas
  Content Security Policy
  CORS OriginHeaderScrutiny
  CORS RequestPreflighScrutiny
  Deserialization of untrusted data
  Detect profiling phase into web application
  Exception handling techniques
  Hacking Java Clients
  Hashing Java
  Hibernate
  Hibernate-Guidelines
  Implementacion De Firmas Digitales en Java
  Improper Data Validation
  Insecure Randomness
  Insecure Transport
  Insufficient Session-ID Length
  Inyección De Comandos En Java
  Java Server Faces
  JSP errorPage
  JSP JSTL
  Leftover Debug Code
  Logout
  Missing Error Handling
  Mobile Java Security
  Null Dereference
  OWASP CSRFGuard Project/es
  Parameter Validation Filter
  Password Management: Hardcoded Password
  Password Plaintext Storage
  PDF Attack Filter for Java EE
  Poor Logging Practice
  Preventing LDAP Injection in Java
  Process Control
  Return Inside Finally Block
  Securing tomcat
  Servlet spec - web.xml
  Session Timeout
  Struts
  Struts Validation in an ActionForm
  Struts Validation in validator.xml using an ActionForm
  Struts XSLT Viewer
  Traducción Español
  Unchecked Return Value: Missing Check against Null
  Unreleased Resource
  Unsafe JNI
  Unsafe Mobile Code
  Unsafe use of Reflection
  Using the Java Cryptographic Extensions
  Using the Java Secure Socket Extensions
  XPATH Injection Java




PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Java Project
Purpose: The OWASP Java™ and JVM Project is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies.
License: CC-BY 3.0 for documentation and GPLv3 for code. Oracle® and Java™ are trademarks of Oracle and/or its affiliates.
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Main links:
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases






IMPORTANT: all pages of these project are currently under review. A lot are outdated and are in the process of being removed or updated. The review effort is coordinated on this page: Wiki Pages Review Operation - 2015/2016.


Media in category "OWASP Java Project"

This category contains only the following file.

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Java_Project&oldid=205407"