This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Guide Project"
Line 16: | Line 16: | ||
==OWASP Guide 2.0 Downloads== | ==OWASP Guide 2.0 Downloads== | ||
− | |||
− | + | If you need a stable edition of the Guide, you should use one of these editions: | |
− | + | OWASP Guide 2.0.1 (English) | |
+ | * [http://prdownloads.sourceforge.net/owasp/OWASPGuide2.0.1.pdf?download PDF (3 MB)] | ||
+ | * [http://prdownloads.sourceforge.net/owasp/OWASPGuide2.0.1.zip?download Word (zip file, 1.4 MB)] | ||
+ | OWASP Guide 1.1.1 (Japanese, にほんご) | ||
+ | * [http://prdownloads.sourceforge.net/owasp/OWASPGuideV1.1.1-jp.pdf?download PDF (1.4 MB)] | ||
+ | |||
+ | Earlier versions of the Guide (1.0 and 1.1.1) can be found at our [http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62287 file download center], and in [http://sourceforge.net/cvs/?group_id=64424 CVS]. | ||
+ | |||
+ | ==OWASP Guide 3.0 (Current)== | ||
+ | |||
+ | This is the working (current) draft of the OWASP Guide 3.0. Please login to make changes as you see fit. Changes will be vetted by the OWASP Guide Project team. | ||
+ | |||
+ | If you'd like a point in time version of the Guide 3.0 in PDF format: | ||
+ | * [http://owasp.cvs.sourceforge.net/*checkout*/owasp/guide/current%20draft.pdf Guide 3.0 draft as of March 2006] | ||
+ | |||
+ | ===OWASP Guide 3.0=== | ||
* [[An Overview]] – describing what web applications and web services are. | * [[An Overview]] – describing what web applications and web services are. | ||
* [[How Much Security Do You Really Need]] – explaining how to assess the security need and perform risk assessments. | * [[How Much Security Do You Really Need]] – explaining how to assess the security need and perform risk assessments. |
Revision as of 12:37, 30 May 2006
Guide Table of ContentsOverview
The OWASP Guide to Building Secure Web Applications v2 is now released. Its release was announced at Black Hat in Las Vegas in late July 2005. This new version of the OWASP Guide is a major overhaul of the original document, containing nearly three times as much material. The project is currently steered by Andrew van der Stock.
The original OWASP Guide had become a staple diet for many web security professionals. Since 2002, the initial version was downloaded over 2 million times. Today, the Guide is referenced by many leading government, financial, and corporate standards and is the Gold standard for web application security.
The Guide is aimed at architects, developers, consultants and auditors and is a comprehensive manual for designing, developing and deploying secure web applications.
Announcements
Volunteers Needed
Much work remains to be done in these sections:
OWASP Guide 2.0 Downloads
If you need a stable edition of the Guide, you should use one of these editions:
OWASP Guide 2.0.1 (English)
OWASP Guide 1.1.1 (Japanese, にほんご)
Earlier versions of the Guide (1.0 and 1.1.1) can be found at our file download center, and in CVS.
OWASP Guide 3.0 (Current)
This is the working (current) draft of the OWASP Guide 3.0. Please login to make changes as you see fit. Changes will be vetted by the OWASP Guide Project team.
If you'd like a point in time version of the Guide 3.0 in PDF format:
OWASP Guide 3.0
- An Overview – describing what web applications and web services are.
- How Much Security Do You Really Need – explaining how to assess the security need and perform risk assessments.
- Phishing - Peer reviewed technical and process controls to reduce the risk from this most insidious form of fraud.
- Architecture – Discussion on how Architecture considerations can ensure security where it's needed.
- Authentication – Describes the different types of authentication possible and the common problems.
- Authorization – Describes access control concepts.
- Session Management – Describes the right way to manage sessions and generate session tokens.
- Error handling, Audit and Logging – Describes how to handle errors appropriately, what to log and how to log user and system events.
- Data Validation – Describes strategies for dealing with unexpected input and what you need to block.
- Interpreter Injections - includes all form of injections: SQL, XML, LDAP, ORM, code, user agent (includes XSS) and more.
- Privacy – Discusses privacy issues that may face your application.
- Cryptography – How to use cryptography and describes some common mistakes.
- File system - how to protect your most sensitive of files from being destroyed or made visible.
- Canonicalization and Unicode issues
- Deployment, Configuration, and more
Roadmap
Pages in category "OWASP Guide Project"
The following 28 pages are in this category, out of 28 total.