This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Projects/OWASP ASIDE Project"
(→Description) |
(→News and Events) |
||
Line 86: | Line 86: | ||
== News and Events == | == News and Events == | ||
− | * [ | + | * [18-19 September 2014] Bill will be hosting a session about ASIDE project at AppSec USA 2014 in Denver! |
− | * [ | + | * [30 April 2014] ASIDE PHPCodeAnnotate plugin for Eclipse PHP IDE released! |
− | + | * [07 December 2013] ASIDE paper titled "Supporting Secure Programming in Web Applications through Interactive Static Analysis" accepted! | |
+ | * [10 May 2013] ASIDE Education with CodeRefactoring plugin for Eclipse Java IDE released! | ||
+ | * [22 October 2012] ASIDE paper titled "Interactive Support for Secure Programming Education" accepted! | ||
+ | * [September 2012] Bill and Jun delivered ASIDE talk titled "Using Interactive Static Analysis for Early Detection of Software Vulnerabilities" at OWASP AppSec USA in Austin! | ||
+ | * [8-10 August 2012] Jun gave a poster about ASIDE at USENIX Security 12! | ||
+ | * [10 May 2012] ASIDE JavaCodeAnnotate plugin for Eclipse Java IDE released! | ||
== In Print == | == In Print == |
Revision as of 01:24, 5 September 2014
OWASP ASIDEOWASP ASIDE is led by [Jun Zhu] and Bill Chu. Other major contributors include [Jing Xie], Heather Richter Lipford, Tyler Thomas, John Melton & Will Stranathan. IntroductionASIDE is an abbreviation for Application Security plugin for Integrated Development Environment. It is an Eclipse Plugin which is a software tool primarily designed to help developers write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs. DescriptionASIDE currently has three prototype implementations: ASIDE CodeRefactoring for Education, ASIDE CodeAnnotate which consists of two implementations, ASIDE JavaCodeAnnotate and ASIDE PHPCodeAnnotate. ASIDE CodeRefactoring for Education is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation, and provide interactive code refactoring support for students and professional developers to learn secure programming practices and write more secure code. ASIDE CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code. An older version of ASIDE DEMO shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it. Research Activities1. Jun Zhu, Jing Xie, Heather Richter Lipford, and Bill Chu, Supporting Secure Programming in Web Applications through Interactive Static Analysis, In Journal of Advanced Research, Elsevier, December, 2013. 2. Jun Zhu, Heather Richter Lipford, and Bill Chu, Interactive Support for Secure Programming Education, In Proceedings of ACM Technical Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA 3. Jing Xie, Heather Richter Lipford, and Bill Chu, Evaluating Interactive Support for Secure Programming, In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA 4. Jing Xie, Bill Chu, Heather Richter Lipford, and John T. Melton, ASIDE:IDE Support for Web Application Security, In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA 5. Jing Xie, Heather Richter Lipford, and Bill Chu, Why do programmers make security errors?, In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA 6. Jing Xie, Bill Chu, and Heather Richter Lipford Interactive Support for Secure Software Development, In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain LicensingOWASP ASIDE is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is ASIDE?OWASP ASIDE provides:
Presentation1. Our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities at AppSec USA 2012. You can view and download our presentation. 2. Our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation. Project LeadersRelated Projects
Openhub
|
Quick Download
Email ListProject Email List: https://lists.owasp.org/mailman/listinfo/owasp-aside-project News and Events
In PrintN/A Classifications |
- Q1
- A1
- Q2
- A2
Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of XXX, the priorities are:
- xxx
- xxx
- xxx
Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- xxx
- xxx
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|