
Difference between revisions of "Category:OWASP Security Analysis of Core J2EE Design Patterns Project"

Line 1: Line 1:
 
==== Main ====
 
==== Main ====
 +
= Project Roadmap =
 +
* The project’s overall goal is to...
 +
** Be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks. Pattern usage is ubiquitous in software development, and the best patterns transcend specific languages and/or frameworks; analyzing the most pivotal frameworks in web applications allows us to build security advice that developers will use far in the future. At the same time, analyzing common patterns helps manual penetration testers and source code reviewers understand where to look for vulnerabilities within an application.
 +
 +
* In the near term, we are focused on the following tactical goals...
 +
 +
1. Convert existing Core J2EE Patterns analysis word document into wiki format,
 +
 +
2. Solicit feedback and add additional advice to each pattern,
 +
 +
3. Determine next steps in group:
 +
 +
3.1. Add source code examples,
 +
 +
3.2. Start reviewing other patterns, such as Patterns of Enterprise  Application Architecture, Enterprise Integration Patterns, or .Net Patterns.
 +
 +
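Review bot: the added heading "= Project Roadmap =" is level 1 but follows the existing level-4 "==== Main ====" heading, so the new section outranks the one it sits under; pick a level consistent with the page's existing headings. The tactical goals are typed as literal "1.", "2.", "3.1." text separated by blank lines, which renders as loose paragraphs instead of a list nested under the "In the near term" bullet; wiki list markup ("#" and "##") would keep the numbering and nesting. There is also a doubled space in "Enterprise  Application Architecture" in item 3.2.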
  
  

Revision as of 15:33, 1 July 2009

Main

Project Roadmap

  • The project’s overall goal is to...
    • Be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks. Pattern usage is ubiquitous in software development, and the best patterns transcend specific languages and/or frameworks; analyzing the most pivotal frameworks in web applications allows us to build security advice that developers will use far in the future. At the same time, analyzing common patterns helps manual penetration testers and source code reviewers understand where to look for vulnerabilities within an application.
  • In the near term, we are focused on the following tactical goals...

1. Convert the existing Core J2EE Patterns analysis Word document into wiki format,

2. Solicit feedback and add additional advice to each pattern,

3. Determine next steps in group:

3.1. Add source code examples,

3.2. Start reviewing other patterns, such as Patterns of Enterprise Application Architecture, Enterprise Integration Patterns, or .NET patterns.



Project Identification

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Security Analysis of Core J2EE Design Patterns Project

Purpose: To analyze popular design and architectural patterns for potential security issues, including advice on common pitfalls to avoid and where in a pattern to implement common security controls. Note that we are not creating new “security patterns” but rather analyzing existing non-security-specific patterns.

Project License: GPL v3

who is working on this project?
Project Leader: Rohit Sethi

Project Maintainer: Rohit Sethi, Jim Manico

Project Contributor(s): Sahba Kazerooni, Krish Raja, Subu Ramanathan, Oliver Lavery, Frank Kim

how can you learn more?

3x slide presentation: To do

Project Flyer/Pamphlet: To do

Mail list: Subscribe or read the archives

Project Roadmap: To view, click here

Project main links: http://www.corej2eepatterns.com/Patterns2ndEd/index.htm

Project Health: Not reviewed

Reviewed under: Assessment Criteria v2.0

Key Contacts
  • Contact Rohit Sethi to contribute to this project,
  • Contact Rohit Sethi or GPC to review or sponsor this project,
  • Contact GPC to report a problem or concern about this project or to update information.
current Release
First Release - July 2009 - TODO - add link to download

Release Leader: Rohit Sethi

Release details: Main links, release roadmap and assessment

Release Rating: Not reviewed/Targeted at Stable Release

Reviewed under: Assessment Criteria v2.0


