Difference between revisions of "Talk:Project Reviews Guideline"
| Line 9: | Line 9: | ||
# Old outdated forms and new current forms are found with Goggle search with no indication of which forms are deprecated. | # Old outdated forms and new current forms are found with Goggle search with no indication of which forms are deprecated. | ||
# Questions if money is being allocated with correct percentage of OWASP total revenue to projects. | # Questions if money is being allocated with correct percentage of OWASP total revenue to projects. | ||
| + | |||
| + | '''5/24/2016 Larry Conklin''' | ||
| + | |||
| + | Proposed first stab of a '''Project DashBoard''' This was created by running a program that outputs a mediawiki table that can be inserted into a wiki page | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Repository Name | ||
| + | ! Description | ||
| + | ! Lanuage | ||
| + | ! Open Issues Count | ||
| + | ! Last Activity Date | ||
| + | ! Commit Last Date | ||
| + | ! Commit Author | ||
| + | ! Message | ||
| + | |- | ||
| + | |||
| + | |AppSec-Browser-Bundle | ||
| + | |The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. | ||
| + | |JavaScript | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/23/2016 3:25 PM | ||
| + | |dennisgroves | ||
| + | |12/24/2013 9:14 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |AppSensor-Handbook | ||
| + | |OWASP AppSensor Handbook | ||
| + | | | ||
| + | |1 | ||
| + | |1 | ||
| + | |11/5/2014 4:18 PM | ||
| + | |Dennis Groves | ||
| + | |12/3/2012 4:54 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |ASVS | ||
| + | |Application Security Verification Standard | ||
| + | | | ||
| + | |24 | ||
| + | |24 | ||
| + | |5/23/2016 4:50 AM | ||
| + | |Andrew van der Stock | ||
| + | |12/16/2015 2:16 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |Benchmark | ||
| + | |The OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. As it is written in Java, it supports Java Static Analysis Security Testing Tools (SAST). It’s also a fully runnable web application, so it supports Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST) that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page. | ||
| + | |Java | ||
| + | |3 | ||
| + | |3 | ||
| + | |5/20/2016 5:42 AM | ||
| + | |Dave Wichers | ||
| + | |5/10/2016 1:54 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |CodeReviewGuide | ||
| + | |Repository for OWASP Code Review document | ||
| + | | | ||
| + | |4 | ||
| + | |4 | ||
| + | |5/23/2016 5:25 PM | ||
| + | |Dinis Cruz | ||
| + | |6/24/2014 11:15 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |Cuiaba | ||
| + | |OWASP Cuiaba, Brazil. A brilliant idea to have the entire chapter and their projects in github! Go Brazil! | ||
| + | |CSS | ||
| + | |0 | ||
| + | |0 | ||
| + | |11/20/2014 8:44 PM | ||
| + | |Gabriel Pedro | ||
| + | |2/11/2014 7:01 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |dev-pages | ||
| + | |Developer Focused OWASP Pages | ||
| + | | | ||
| + | |0 | ||
| + | |0 | ||
| + | |12/2/2015 5:49 AM | ||
| + | |Matt Konda | ||
| + | |2/4/2015 6:43 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |DevGuide | ||
| + | |The OWASP Guide | ||
| + | | | ||
| + | |10 | ||
| + | |10 | ||
| + | |5/24/2016 4:09 PM | ||
| + | |Steven van der Baan | ||
| + | |3/16/2016 9:12 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |DotNet_ANSA | ||
| + | |.NET ASP.NET Security Analyser - Consolidation of multiple ASP.NET OWASP tools | ||
| + | |ASP | ||
| + | |1 | ||
| + | |1 | ||
| + | |3/22/2016 5:38 PM | ||
| + | |Dinis Cruz | ||
| + | |4/25/2015 2:53 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |Droid-10-Project | ||
| + | | | ||
| + | | | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/22/2016 5:28 PM | ||
| + | | | ||
| + | |1/1/0001 12:00 AM | ||
| + | |The remote server returned an error: (409) Conflict. Common issue is repository is empty or unavailable. | ||
| + | |- | ||
| + | |||
| + | |EJSF | ||
| + | |Development of security framework based on Owasp Esapi for JSF2.0 | ||
| + | |Java | ||
| + | |1 | ||
| + | |1 | ||
| + | |11/20/2014 8:44 PM | ||
| + | |matts6 | ||
| + | |10/17/2013 9:40 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |HTML5SlideTemplates | ||
| + | |HTML 5 slide templates for OWASP presentations (beta) | ||
| + | | | ||
| + | |1 | ||
| + | |1 | ||
| + | |3/22/2016 6:49 PM | ||
| + | |Erlend Oftedal | ||
| + | |7/2/2013 9:58 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |java-html-sanitizer | ||
| + | |A fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS. | ||
| + | |Java | ||
| + | |10 | ||
| + | |10 | ||
| + | |5/20/2016 11:22 PM | ||
| + | |Mike Samuel | ||
| + | |5/23/2016 7:17 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |json-sanitizer | ||
| + | |Automatically exported from code.google.com/p/json-sanitizer | ||
| + | |Java | ||
| + | |1 | ||
| + | |1 | ||
| + | |3/14/2016 1:32 PM | ||
| + | |Mike Samuel | ||
| + | |4/29/2016 7:25 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |KBAPM | ||
| + | | | ||
| + | | | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/22/2016 5:33 PM | ||
| + | |OWASPFoundation | ||
| + | |12/3/2014 8:54 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |NINJA-PingU | ||
| + | | | ||
| + | |Python | ||
| + | |0 | ||
| + | |0 | ||
| + | |5/6/2016 6:07 PM | ||
| + | |guifre | ||
| + | |4/14/2014 9:46 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |NodeGoat | ||
| + | |The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. | ||
| + | |HTML | ||
| + | |9 | ||
| + | |9 | ||
| + | |5/24/2016 2:17 AM | ||
| + | |Chetan Karande | ||
| + | |4/28/2016 7:27 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |O-Saft | ||
| + | |O-Saft - OWASP SSL audit for testers | ||
| + | |Perl | ||
| + | |13 | ||
| + | |13 | ||
| + | |5/18/2016 11:02 AM | ||
| + | |EnDe | ||
| + | |5/24/2016 10:57 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |open-swamp | ||
| + | |SWAMP open source | ||
| + | |JavaScript | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/22/2016 5:25 PM | ||
| + | |SWAMP | ||
| + | |3/26/2015 5:54 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |opensamm | ||
| + | | | ||
| + | |XSLT | ||
| + | |1 | ||
| + | |1 | ||
| + | |4/18/2016 9:10 PM | ||
| + | |Brian Glas | ||
| + | |5/20/2016 5:59 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |opensammbenchmark | ||
| + | |Documents and code relating to the OpenSAMM benchmarking efforts | ||
| + | | | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/22/2016 5:24 PM | ||
| + | |Dan Cornell | ||
| + | |4/8/2015 7:39 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |OWASP-EnDe | ||
| + | |EnDe is a collection of tools (built-in in the browser) for data encoding/decoding and conversion. | ||
| + | | | ||
| + | |0 | ||
| + | |0 | ||
| + | |3/22/2016 6:54 PM | ||
| + | |Achim | ||
| + | |12/31/2009 4:11 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |owasp-esapi-php | ||
| + | |Automatically exported from code.google.com/p/owasp-esapi-php | ||
| + | |PHP | ||
| + | |19 | ||
| + | |19 | ||
| + | |7/13/2015 11:33 PM | ||
| + | |jahboite | ||
| + | |7/30/2012 11:47 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |owasp-esapi-ruby | ||
| + | |The Owasp Esapi Ruby is a port for outstanding release quality Owasp Esapi project to the Ruby programming language. The idea is to build a Ruby gem (the standard ruby library archive format) containing the Esapi concepts implemented in Ruby classes so people using Ruby in their Rails application can have security into them. | ||
| + | |Ruby | ||
| + | |0 | ||
| + | |0 | ||
| + | |11/20/2014 8:45 PM | ||
| + | |dennisgroves | ||
| + | |12/7/2012 10:16 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |OWASP-GoatDroid-Project | ||
| + | |OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several feature that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads | ||
| + | |Java | ||
| + | |0 | ||
| + | |0 | ||
| + | |9/8/2015 10:43 PM | ||
| + | |Jack Mannino | ||
| + | |9/25/2012 2:45 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |owasp-java-encoder | ||
| + | |The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting! | ||
| + | |Java | ||
| + | |1 | ||
| + | |1 | ||
| + | |5/10/2016 8:05 PM | ||
| + | |Jim Manico | ||
| + | |4/12/2015 7:19 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |owasp-java-validator | ||
| + | | | ||
| + | |Java | ||
| + | |0 | ||
| + | |0 | ||
| + | |5/19/2016 2:06 PM | ||
| + | |Steven van der Baan | ||
| + | |1/14/2016 4:22 PM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |owasp-orizon | ||
| + | |The Owasp Orizon Project is an open source tool to perform some static analysis over a source codebase. It's is focused over security and it supports multiple programming languages. | ||
| + | |Java | ||
| + | |0 | ||
| + | |0 | ||
| + | |11/20/2014 8:46 PM | ||
| + | |Paolo Perego | ||
| + | |4/28/2010 10:50 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |OWASP-Project-Metrics | ||
| + | |OWASP Project Metrics | ||
| + | | | ||
| + | |12 | ||
| + | |12 | ||
| + | |3/22/2016 5:32 PM | ||
| + | |Federico Figus | ||
| + | |6/10/2014 11:58 AM | ||
| + | | | ||
| + | |- | ||
| + | |||
| + | |OWASP-Proxy | ||
| + | |Owasp Proxy | ||
| + | |Java | ||
| + | |2 | ||
| + | |2 | ||
| + | |5/10/2016 2:21 AM | ||
| + | |Rogan Dawes | ||
| + | |3/3/2012 4:48 AM | ||
| + | | | ||
| + | |- | ||
| + | |} | ||
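Review bot: The header row of the added wikitable declares eight columns (Repository Name through Message), but every data row carries nine cells, and the fourth and fifth cells hold the same number in each row (for example `|24` twice for ASVS). From the fifth cell on, values therefore sit under the wrong headings: the repeated count falls under Last Activity Date, the second date falls under Message, and the error text in the Droid-10-Project row has no heading at all. Suggest having the generating program either drop the repeated cell or emit a matching ninth header so the headings and cells line up. Two smaller points in the same hunk: the header `! Lanuage` should read `! Language`, and the Droid-10-Project row shows `1/1/0001 12:00 AM` alongside the (409) Conflict message, which looks like a default date value; an empty cell would be clearer when the repository lookup fails.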
Revision as of 02:17, 25 May 2016
Please add your comments and concerns regarding the current Project Review Guidelines:
Discussion
5/21/2016 Nikola Milosevic SeraphimDroid comments, reported by Larry Conklin via email.
- Project self-assessment form does not take into consideration lab and flagship levels.
- Wiki website is not easy to navigate for project information.
- Projects need more emphasis on main OWASP wiki page.
- Old outdated forms and new current forms are found with Google search with no indication of which forms are deprecated.
- Questions if money is being allocated with correct percentage of OWASP total revenue to projects.
5/24/2016 Larry Conklin
Proposed first stab of a Project DashBoard. This was created by running a program that outputs a MediaWiki table that can be inserted into a wiki page.
| Repository Name | Description | Language | Open Issues Count | Last Activity Date | Commit Last Date | Commit Author | Message | |
|---|---|---|---|---|---|---|---|---|
| AppSec-Browser-Bundle | The OWASP AppSec Browser Bundle is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. | JavaScript | 0 | 0 | 3/23/2016 3:25 PM | dennisgroves | 12/24/2013 9:14 AM | |
| AppSensor-Handbook | OWASP AppSensor Handbook | | 1 | 1 | 11/5/2014 4:18 PM | Dennis Groves | 12/3/2012 4:54 PM | |
| ASVS | Application Security Verification Standard | | 24 | 24 | 5/23/2016 4:50 AM | Andrew van der Stock | 12/16/2015 2:16 PM | |
| Benchmark | The OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. As it is written in Java, it supports Java Static Analysis Security Testing Tools (SAST). It’s also a fully runnable web application, so it supports Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST) that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page. | Java | 3 | 3 | 5/20/2016 5:42 AM | Dave Wichers | 5/10/2016 1:54 AM | |
| CodeReviewGuide | Repository for OWASP Code Review document | | 4 | 4 | 5/23/2016 5:25 PM | Dinis Cruz | 6/24/2014 11:15 AM | |
| Cuiaba | OWASP Cuiaba, Brazil. A brilliant idea to have the entire chapter and their projects in github! Go Brazil! | CSS | 0 | 0 | 11/20/2014 8:44 PM | Gabriel Pedro | 2/11/2014 7:01 AM | |
| dev-pages | Developer Focused OWASP Pages | | 0 | 0 | 12/2/2015 5:49 AM | Matt Konda | 2/4/2015 6:43 PM | |
| DevGuide | The OWASP Guide | | 10 | 10 | 5/24/2016 4:09 PM | Steven van der Baan | 3/16/2016 9:12 AM | |
| DotNet_ANSA | .NET ASP.NET Security Analyser - Consolidation of multiple ASP.NET OWASP tools | ASP | 1 | 1 | 3/22/2016 5:38 PM | Dinis Cruz | 4/25/2015 2:53 PM | |
| Droid-10-Project | | | 0 | 0 | 3/22/2016 5:28 PM | | 1/1/0001 12:00 AM | The remote server returned an error: (409) Conflict. Common issue is repository is empty or unavailable. |
| EJSF | Development of security framework based on Owasp Esapi for JSF2.0 | Java | 1 | 1 | 11/20/2014 8:44 PM | matts6 | 10/17/2013 9:40 PM | |
| HTML5SlideTemplates | HTML 5 slide templates for OWASP presentations (beta) | | 1 | 1 | 3/22/2016 6:49 PM | Erlend Oftedal | 7/2/2013 9:58 PM | |
| java-html-sanitizer | A fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS. | Java | 10 | 10 | 5/20/2016 11:22 PM | Mike Samuel | 5/23/2016 7:17 PM | |
| json-sanitizer | Automatically exported from code.google.com/p/json-sanitizer | Java | 1 | 1 | 3/14/2016 1:32 PM | Mike Samuel | 4/29/2016 7:25 PM | |
| KBAPM | | | 0 | 0 | 3/22/2016 5:33 PM | OWASPFoundation | 12/3/2014 8:54 PM | |
| NINJA-PingU | | Python | 0 | 0 | 5/6/2016 6:07 PM | guifre | 4/14/2014 9:46 PM | |
| NodeGoat | The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. | HTML | 9 | 9 | 5/24/2016 2:17 AM | Chetan Karande | 4/28/2016 7:27 PM | |
| O-Saft | O-Saft - OWASP SSL audit for testers | Perl | 13 | 13 | 5/18/2016 11:02 AM | EnDe | 5/24/2016 10:57 PM | |
| open-swamp | SWAMP open source | JavaScript | 0 | 0 | 3/22/2016 5:25 PM | SWAMP | 3/26/2015 5:54 PM | |
| opensamm | | XSLT | 1 | 1 | 4/18/2016 9:10 PM | Brian Glas | 5/20/2016 5:59 AM | |
| opensammbenchmark | Documents and code relating to the OpenSAMM benchmarking efforts | | 0 | 0 | 3/22/2016 5:24 PM | Dan Cornell | 4/8/2015 7:39 PM | |
| OWASP-EnDe | EnDe is a collection of tools (built-in in the browser) for data encoding/decoding and conversion. | | 0 | 0 | 3/22/2016 6:54 PM | Achim | 12/31/2009 4:11 PM | |
| owasp-esapi-php | Automatically exported from code.google.com/p/owasp-esapi-php | PHP | 19 | 19 | 7/13/2015 11:33 PM | jahboite | 7/30/2012 11:47 PM | |
| owasp-esapi-ruby | The Owasp Esapi Ruby is a port for outstanding release quality Owasp Esapi project to the Ruby programming language. The idea is to build a Ruby gem (the standard ruby library archive format) containing the Esapi concepts implemented in Ruby classes so people using Ruby in their Rails application can have security into them. | Ruby | 0 | 0 | 11/20/2014 8:45 PM | dennisgroves | 12/7/2012 10:16 AM | |
| OWASP-GoatDroid-Project | OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several feature that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads | Java | 0 | 0 | 9/8/2015 10:43 PM | Jack Mannino | 9/25/2012 2:45 AM | |
| owasp-java-encoder | The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting! | Java | 1 | 1 | 5/10/2016 8:05 PM | Jim Manico | 4/12/2015 7:19 PM | |
| owasp-java-validator | | Java | 0 | 0 | 5/19/2016 2:06 PM | Steven van der Baan | 1/14/2016 4:22 PM | |
| owasp-orizon | The Owasp Orizon Project is an open source tool to perform some static analysis over a source codebase. It's is focused over security and it supports multiple programming languages. | Java | 0 | 0 | 11/20/2014 8:46 PM | Paolo Perego | 4/28/2010 10:50 AM | |
| OWASP-Project-Metrics | OWASP Project Metrics | | 12 | 12 | 3/22/2016 5:32 PM | Federico Figus | 6/10/2014 11:58 AM | |
| OWASP-Proxy | Owasp Proxy | Java | 2 | 2 | 5/10/2016 2:21 AM | Rogan Dawes | 3/3/2012 4:48 AM | |