Difference between revisions of "OWASP Java Project WIPRO 1 2015"

Revision as of 21:44, 25 May 2016

Wiki Pages Review Operation - 2015/2016

Main
Pages List
About

91 Pages in category "OWASP Java Pages" have to be reviewed. We use a Google Document where every person interested can let opinions, comments and suggestions. Even reviewing one single page is welcome.

Shared Google document used to comment and review:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

Team

Other Resources

N/A

Classifications

Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

Page	Status	Review	Operations
Bytecode obfuscation		Outdated but interesting to keep, marked for review. https://www.owasp.org/index.php/Talk:Bytecode_obfuscation
Captchas in Java		Updated and not of interest. Marked for deletion.	DELETED BY ADMIN
Clickjacking Protection for Java EE		Flagged for deletion, reason stated on page.	DELETED BY ADMIN
Command injection in Java		Marked for review.
Comparing classes by name		Marked for review
Complejidad Y Longitud De Las Contraseñas
Content Security Policy
CORS OriginHeaderScrutiny
CORS RequestPreflighScrutiny
Cross-site Scripting (XSS)		Looks updated	NO ACTION TAKEN
Declarative Access Control in Java		gone	Deleted by admin
Decompiling Java bytecode			DELETED
Deserialization of untrusted data		Looks legit	Looks legit
Detect profiling phase into web application
Exception handling techniques
Failure to follow guideline/specification
Hacking Java Clients
Hashing Java	UNDER REVIEW	Updated by Mark Gordon. Thank you!	No action needed
Hibernate
Hibernate-Guidelines
How to add validation logic to HttpServletRequest
How to encrypt a properties file
Implementacion De Firmas Digitales en Java
Improper Data Validation
Improper temp file opening
Information Leakage
Insecure Randomness
Insecure Transport
Insufficient Session-ID Length
Invoking untrusted mobile code
Inyección De Comandos En Java
J2EE Misconfiguration: Unsafe Bean Declaration
J2EE third party libraries insecurity			redirected to dependency check
JAAS Timed Login Module			Deleted
JAAS Tomcat Login Module			Deleted
Java Project Article Wishlist
Java Security Frameworks			Merged into category page
Java Security Resources			Merged into category page
Java Server Faces
JSP errorPage
JSP JSTL
Leftover Debug Code
Log Forging
Logout
Member Field Race Condition
Missing Error Handling
Mobile Java Security
Null Dereference
Object Model Violation: Just One of equals() and hashCode() Defined
Often Misused: Authentication
Overly-Broad Catch Block
Overly-Broad Throws Declaration
OWASP CSRFGuard Project/es
OWASP Java Table of Contents
Parameter Validation Filter
Password length & complexity
Password Management: Hardcoded Password
Password Management: Weak Cryptography
Password Plaintext Storage
PDF Attack Filter for Java EE
Poor Logging Practice
Preventing LDAP Injection in Java
Preventing SQL Injection in Java			redirected to sqlI cheatsheet
Process Control
Protecting code archives with digital signatures
Reflection attack in an auth protocol
Return Inside Finally Block
Securing tomcat
Servlet spec - web.xml
Session Fixation
Session Timeout
Signing jar files with jarsigner
State synchronization error
Struts
Struts Validation in an ActionForm
Struts Validation in validator.xml using an ActionForm
Struts XSLT Viewer
Traducción Español
Trust Boundary Violation
Trustworthy Java			Delete
Uncaught exception
Unchecked Return Value: Missing Check against Null
Unreleased Resource
Unsafe JNI
Unsafe Mobile Code
Unsafe Reflection
Using JCaptcha			deleted
Using the Java Cryptographic Extensions
Using the Java Secure Socket Extensions
XPATH Injection Java
OWASP's_ESAPI_Wiki_for_Java!	Check Project Status		The entire ESAPI For Java project needs a review. In progress on ML.

Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

OWASP Java and JVM Project - Wiki Pages Review Operation 1 - 2015/2016

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: OWASP Java Project WIPRO 1 - 2015/2016
Purpose: N/A
License: N/A
who	is working on this project?
Project Leader(s): N/A
how	can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
Contact the GPC to contribute to this project Contact the GPC to review or sponsor this project

current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases

@@ Line 143: / Line 143: @@
 |
 |
-|-
-|[[Digital Signature Implementation in Java]]
-|
-|
-| DELETED
 |-
 |[[Exception handling techniques ]]
@@ Line 252: / Line 247: @@
 |
 |
-| De;eted
+| Deleted
 |-
 |[[Java Project Article Wishlist ]]

Difference between revisions of "OWASP Java Project WIPRO 1 2015"

Revision as of 21:44, 25 May 2016

Team

Meta

Other Resources

Classifications

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools