This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Enterprise Application Security Project"
Line 16: | Line 16: | ||
Subproject [[Enterprise Business Application Vulnerability Statistics 2009]] | Subproject [[Enterprise Business Application Vulnerability Statistics 2009]] | ||
+ | |||
+ | {{:Projects/OWASP Enterprise Application Security Project | Statistics}} | ||
+ | [[Category:OWASP_Project|Enterprise Application Security Project | Statistics]] | ||
2 Help companies to begin assessment of enterprise applicatios by creating a | 2 Help companies to begin assessment of enterprise applicatios by creating a |
Revision as of 11:50, 12 October 2010
Main
Objective
The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications.
Project purpose
Enterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guidelines and tools for enterprise application security assessment.
Our Subprojects
Here are our primary goals:
1 Aware people about enterprise applicatio security vulnerabilities by making an Annual statistics of enterprise business application security vulnerabilities.
Subproject Enterprise Business Application Vulnerability Statistics 2009
2 Help companies to begin assessment of enterprise applicatios by creating a
Subproject Enterprise Business Application Security Implementation Assessment Guide
3 Help software companies to improve security of their solutions by creating a
Subproject Enterprise Business Application Security Vulnerability Testing Guide v1
4 Develop a free tools for Enterprise business applicatioons assessment
Subproject Enterprise Business Application Security Software
Project Roadmap
Have a look at the OWASP Enterprise Application Security Project/Roadmp
Statistics
Objective
This document is the first statistics report which will be repeated annually with showing tendencies and changes in Enterprise Business Application Security area.
Purpose
This document we will show a result of statistical research in the Business Application security area made by DSECRG and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical are those and what tendences we see.
Intro
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nonetheless people still don’t pay much attention to Enterprise Business Application area as we see during our and our collegues research and audit data. Business applications are very large and complex systems that consists of different components such as Database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as: • Network architecture security • Os security • Database security • Application security • Front-end security
Every described layer may have their own vulnerabilities that can give attacker full access to business data even if other layers are fully secured. In this document all the popular applications from described levels and their vulnerabilities vill be shown. The purpose of this document to Increase awareness of Business Application security.
Links
Business applications vulnerability statistics 2009 and future trends - Presentation by Dmitry Evdokimov and Dmityy Chastuhin
SAP SDN page with latest vulnerabilities
Oracle Secalert CPU page with latest vulnerabilities
Annual report comming soon...
Authors
Alexander Polyakov (DSecRG) Dmitriy Chastuhin (DSecRG) Dmitriy Evdokimov (DSecRG)
Contributors
Leodid Kats (dsec.ru) Olga Yurova (dsec.ru)
Development guides
Implementation guides
Project About
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|