This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP Guide Project"

From OWASP
Jump to: navigation, search
 
Line 1: Line 1:
'''Welcome to the OWASP Guide Project'''
+
==Overview==
  
 
The OWASP Guide to Building Secure Web Applications v2 is now released. Its release was announced at Black Hat in Las Vegas in late July 2005. This new version of the OWASP Guide is a major overhaul of the original document, containing nearly three times as much material. The project is currently steered by Andrew van der Stock.
 
The OWASP Guide to Building Secure Web Applications v2 is now released. Its release was announced at Black Hat in Las Vegas in late July 2005. This new version of the OWASP Guide is a major overhaul of the original document, containing nearly three times as much material. The project is currently steered by Andrew van der Stock.
Line 5: Line 5:
 
The original OWASP Guide had become a staple diet for many web security professionals. Since 2002, the initial version was downloaded over 2 million times. Today, the Guide is referenced by many leading government, financial, and corporate standards and is the Gold standard for web application security.
 
The original OWASP Guide had become a staple diet for many web security professionals. Since 2002, the initial version was downloaded over 2 million times. Today, the Guide is referenced by many leading government, financial, and corporate standards and is the Gold standard for web application security.
  
The Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications. Among the 28 chapters and around 210 pages, some of the highlights include:
+
The Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.  
  
* An Overview – describing what web applications and web services are.
+
==Announcements==
* How Much Security Do You Really Need ? – explaining how to assess the security need and perform risk assessments.
+
 
 +
==Volunteers Needed==
 +
 
 +
 
 +
==Downloads==
 +
 
 +
 
 +
==Highlights==
 +
 
 +
You can find the full [[Guide:Table of Contents]] to see all the details.
 +
 
 +
* [[An Overview]] – describing what web applications and web services are.
 +
* [[How Much Security Do You Really Need]] – explaining how to assess the security need and perform risk assessments.
 
* Phishing - Peer reviewed technical and process controls to reduce the risk from this most insidious form of fraud.
 
* Phishing - Peer reviewed technical and process controls to reduce the risk from this most insidious form of fraud.
 
* Architecture – Discussion on how Architecture considerations can ensure security where it's needed.
 
* Architecture – Discussion on how Architecture considerations can ensure security where it's needed.
Line 23: Line 35:
 
* Deployment, Configuration, and more
 
* Deployment, Configuration, and more
  
In total, the new guide is nearly three times as long, but has nearly 10 times as many controls as the OWASP Guide 1.1.1. This major new release brings OWASP to the forefront of web application security research.
 
The Guide is currently published in Word, HTML and PDF. You can find these files in the download section.
 
 
We plan to release a hardcopy version of the Guide (version 2.1) by the end of November when we go to print with the help of No Starch Press.
 
  
 
[[Category:OWASP Project]]
 
[[Category:OWASP Project]]
 
[[Category:OWASP Download]]
 
[[Category:OWASP Download]]
 
[[Category:OWASP Document]]
 
[[Category:OWASP Document]]

Revision as of 15:37, 18 May 2006

Overview

The OWASP Guide to Building Secure Web Applications v2 is now released. Its release was announced at Black Hat in Las Vegas in late July 2005. This new version of the OWASP Guide is a major overhaul of the original document, containing nearly three times as much material. The project is currently steered by Andrew van der Stock.

The original OWASP Guide had become a staple diet for many web security professionals. Since 2002, the initial version was downloaded over 2 million times. Today, the Guide is referenced by many leading government, financial, and corporate standards and is the Gold standard for web application security.

The Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.

Announcements

Volunteers Needed

Downloads

Highlights

You can find the full Guide:Table of Contents to see all the details.

  • An Overview – describing what web applications and web services are.
  • How Much Security Do You Really Need – explaining how to assess the security need and perform risk assessments.
  • Phishing - Peer reviewed technical and process controls to reduce the risk from this most insidious form of fraud.
  • Architecture – Discussion on how Architecture considerations can ensure security where it's needed.
  • Authentication – Describes the different types of authentication possible and the common problems.
  • Authorization – Describes access control concepts.
  • Session Management – Describes the right way to manage sessions and generate session tokens.
  • Audit, Traceability and Logging – Describes what to log and how to log user and system events.
  • Data Validation – Describes strategies for dealing with unexpected input and what you need to block.
  • Injections - includes all form of injections: SQL, XML, LDAP, ORM, code, user agent (includes XSS) and more.
  • Privacy – Discusses privacy issues that may face your application.
  • Cryptography – How to use cryptography and describes some common mistakes.
  • File system - how to protect your most sensitive of files from being destroyed or made visible.
  • Canonicalization and Unicode issues
  • Deployment, Configuration, and more