This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:OWASP Project
|
|
---|---|
- Welcome
- Project Inventory
- Project Task Force
- Online Resources
- Starting a New Project
- Project Assessments
- Brand Resources
- Terminology
- Sponsorships and Donations
- PM Information
- Contact US
|
|
Flagship Projects
The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
Code
Tools
Documentation
Labs Projects
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
Tools
- OWASP Broken Web Applications Project
- OWASP CSRFTester Project
- OWASP EnDe Project
- OWASP Hackademic Challenges Project
- OWASP Mantra Security Framework
- OWASP Mutillidae Project
- OWASP O2 Platform
- OWASP Vicnum Project
- OWASP Wapiti Project
- OWASP Yasca Project
- OWASP OWTF
- OWASP Web Testing Environment Project
- OWASP WebGoat Project
- OWASP Zed Attack Proxy
Documentation
- OWASP AppSec Tutorial Series
- OWASP AppSensor Project
- OWASP CTF Project
- OWASP Legal Project
- OWASP Podcast Project
- Virtual Patching Best Practices
- OWASP Application Security Verification Standard Project
- OWASP Code Review Guide Project
- OWASP Codes of Conduct
- OWASP Development Guide Project
- OWASP Secure Coding Practices - Quick Reference Guide
- OWASP Software Assurance Maturity Model (SAMM)
- OWASP Testing Guide Project
- OWASP Top Ten Project
Code
- OWASP AntiSamy Project
- OWASP Enterprise Security API
- OWASP ModSecurity Core Rule Set Project
- OWASP CSRFGuard Project
Incubator Projects
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
Code
- OWASP OPA
- OWASP Java Encoder Project
- OWASP JSON Sanitizer
- OWASP Java HTML Sanitizer Project
- OWASP Java XML Templates Project
- OWASP Passfault
- OWASP Java File I/O Security Project
- OWASP Security Research and Development Framework
- OWASP Focus
- OWASP PHPRBAC Project
- OWASP EJSF Project
- OWASP iMAS - iOS Mobile Application Security Project
- OWASP RBAC Project
- OWASP PHP Security Project
- OWASP File Format Validation Project
- OWASP JAWS Project
- OWASP Node.js Goat Project
- OWASP System Vulnerable Code Project
- OWASP ISO/IEC 27034 Application Security Controls Project
- OWASP Secure Headers Project
- OWASP Hardened Phalcon Project
- OWASP Barbarus
Tools
- OWASP NAXSI Project
- OWASP Passw3rd Project
- OWASP WebGoat.NET
- OWASP Path Traverser
- OWASP Watiqay
- OWASP Security Shepherd
- OWASP Xenotix XSS Exploit Framework
- OWASP Mantra OS
- OWASP XSSER
- OWASP Academy Portal Project
- OWASP ASIDE Project
- OWASP iGoat Project
- OWASP SamuraiWTF
- O-Saft
- OWASP OpenStack Security Project
- OWASP Bricks
- OWASP Dependency Check
- OWASP Hive Project
- OWASP Rails Goat Project
- OWASP Bywaf Project
- OWASP S.T.I.N.G Project
- OWASP VaultDB Project
- OWASP Mutillidae 2 Project
- OWASP Skanda - SSRF Exploitation Framework
- OWASP SeraphimDroid Project
- OWASP Androïck Project
- OWASP SafeNuGet Project
- OWASP WebSandBox Project
- OWASP Dependency Track Project
- OWASP PHP Portscaner Project
- OWASP Python Security Project
- OWASP WebSpa Project
- OWASP Financial Information Exchange Security Project
- OWASP NINJA PingU Project
- OWASP Encoder Comparison Reference Project
- OWASP sqliX Project
- OWASP LAPSE Project
- OWASP Orizon Project
- OWASP WASC Distributed Web Honeypots Project
- OWASP Click Me Project
- OWASP Secure TDD Project
- OWASP XSecurity Project
- OWASP Pyttacker Project
- OWASP Code Pulse Project
- OWASP HTTP POST Tool
- OWASP PHP Security Training Project
- OWASP iOSForensic
Documentation
- OWASP Data Exchange Format Project
- OWASP Cheat Sheets Project
- OWASP Proactive Controls
- OWASP Security Baseline Project
- OWASP Application Security Requirements Project
- OWASP Application Security Assessment Standards Project
- OWASP Computer Based Training Project (OWASP CBT Project)
- OWASP Enterprise Application Security Project
- OWASP Exams Project
- OWASP GoatDroid Project
- OWASP Request For Proposal
- OWASP University Challenge
- OWASP Hacking-Lab
- OWASP Application Security Awareness Top 10 E-learning Project
- WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)
- OWASP ESAPI Swingset Project
- OWASP Press
- OWASP CISO Survey
- OWASP Application Security Guide For CISOs
- OWASP Scada Security Project
- OWASP Cornucopia
- OWASP Secure Application Design Project
- OWASP Top 10 Fuer Entwickler Project
- OWASP Web Application Security Quick Reference Guide Project
- OWASP Supporting Legacy Web Applications in the Current Environment Project
- OWASP Security Principles Project
- OWASP Media Project
- OWASP Global Chapter Meetings Project
- OWASP Vulnerable Web Applications Directory Project
- OWASP Game Security Framework Project
- OWASP Insecure Web Components Project
- OWASP Reverse Engineering and Code Modification Prevention Project
- OWASP Student Chapters Project
- OWASP Education Project
- OWASP Speakers Project
- OWASP Internet of Things Top Ten Project
- OWASP .NET Project
- OWASP Research Book Project
- OWASP Open Cyber Security Framework Project
- OWASP Top 10 Privacy Risks Project
- OWASP WASC Web Hacking Incidents Database Project
- OWASP Security Frameworks Project
- OWASP Incident Response Project
- OWASP Embedded Application Security
- OWASP STING Game Project
- OWASP Ruby on Rails and Friends Security Guide
- OWASP Secure Development Training
Donated Projects
OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.
Tools
Inactive Projects
Archived Projects
OWASP Archived Projects are inactive Labs projects. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest.
- OWASP Access Control Rules Tester Project
- OWASP Application Security Metrics Project
- OWASP AppSec FAQ Project
- OWASP ASDR Project
- OWASP Backend Security Project
- OWASP Best Practices: Use of Web Application Firewalls
- OWASP CAL9000 Project
- OWASP CLASP Project
- OWASP CodeCrawler Project
- OWASP Content Validation using Java Annotations Project
- OWASP DirBuster Project
- OWASP Encoding Project
- OWASP Google Hacking Project
- OWASP Insecure Web App Project
- OWASP Interceptor Project
- OWASP JSP Testing Tool Project
- OWASP LiveCD Education Project
- OWASP Logging Guide
- OWASP NetBouncer Project
- OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project
- OWASP OpenSign Server Project
- OWASP Pantera Web Assessment Studio Project
- OWASP PHP Project
- OWASP Report Generator
- OWASP Scholastic Application Security Assessment Project
- OWASP Security Analysis of Core J2EE Design Patterns Project
- OWASP Security Spending Benchmarks Project
- OWASP Site Generator Project
- OWASP Skavenger Project
- OWASP Source Code Flaws Top 10 Project
- OWASP Sprajax Project
- OWASP Sqlibench Project
- OWASP Stinger Project
- OWASP Teachable Static Analysis Workbench Project
- OWASP Tiger
- OWASP Tools Project
- OWASP Uniform Reporting Guidelines
- OWASP Webekci Project
- JBroFuzz
- OWASP SWAAT Project
- OWASP Secure Web Application Framework Manifesto
- OWASP Scrubbr
- OWASP JavaScript Sandboxes Project
- OWASP Joomla Vulnerability Scanner Project
- OWASP Hatkit Datafiddler Project
- OWASP Hatkit Proxy Project
- OWASP Fiddler Addons for Security Testing Project
- OWASP Forward Exploit Tool Project
- OWASP Fuzzing Code Database
- OWASP Cloud ‐ 10 Project
- OWASP Web Browser Testing System Project
- OWASP WebScarab Project
- OWASP Webslayer Project
- OWASP WSFuzzer Project
- OWASP Security Assurance Testing of Virtual Worlds Project
- OWASP WAF Project
- OWASP VFW Project
- OWASP SIMBA Project
- OWASP ONYX
- OWASP Java Uncertain Form Submit Prevention
- OWASP Ecuador
- OWASP ESOP Framework
- OWASP Alchemist Project
- OWASP Secure the Flag Project
- OWASP Browser Security ACID Test Project
- OWASP AJAX Crawling Tool
- OWASP Threat Modeling Project
- OWASP Crossword of the Month
- OWASP Secure Password Project
- OWASP Myth Breakers Project
- OWASP Project Partnership Model
- OWASP Browser Security Project
- OWASP Application Security Program for Managers
- OWASP Favicon Database Project
- OWASP Security JDIs Project
- OWASP File Hash Repository
- OWASP Crowdtesting
- OWASP Application Security Skills Assessment
- OWASP Common Numbering Project
- OWASP WhatTheFuzz Project
- OWASP Security Tools for Developers Project
- OWASP Proxy Project
- OWASP AW00t
- OWASP Framework Security Project
- OWASP Desktop Goat and Top 5 Project
- OWASP OVAL Content Project
- OWASP Software Security Assurance Process
- OWASP Application Fuzzing Framework Project
- OWASP Good Component Practices Project
- OWASP 1-Liner
- OWASP Java Project
- OWASP Web Application Security Accessibility Project
- OWASP OctoMS
- OWASP Java/J2EE Secure Development Curriculum
- OWASP Periodic Table of Vulnerabilities
- OWASP Droid Fusion
- OWASP iSABEL Proxy Server
- OWASP WS-Amplification DoS Project
- OWASP Windows Binary Executable Files Security Checks Project
- OWASP Wordpress Security Checklist Project
- OWASP Simple Host Base Incidence Detection System Project
- OWASP Unmaskme Project
- OWASP HA Vulnerability Scanner Project
- OWASP Pygoat Project
- OWASP Security Labeling System Project
- OWASP IoTs Project
- OWASP STeBB Project
- OWASP Ultimatum Project
OWASP Project Task Force
This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list
Project Online Resources
This page is for OWASP project leaders and details some of the online services that have been found to be useful for OWASP projects.
How to Run a Successful Open Source Project
http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf
GitHub
OWASP is a registered Organisation on GitHub, a free, public directory of Free and Open Source Software and the contributors who create and maintain it.
If you manage an OWASP project you should:
- Register yourself on GitHub
- Request that your repository get created by a GitHub admin and that you are made an admin on the repository
- Check that the settings are correct for your repositor
Other Free Services
These are all free to open source projects.
- http://crowdin.net/ a translation and localization management platform
- https://scan.coverity.com/ C/C++/C# and Java static source code analysis
Other Paid For Services
Open for Suggestions and depending on your project budget and/or *Community Engagement Funding.
- Please note: Th cost may be covered by the Community Engagement Funding up to $500 if it meets the policy requirements.
If it is more than $500 or outside policy guidelines, it would require special approval by our Executive Director.
So you want to start a project...
Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.
Here are some of the guidelines for running a successful OWASP project:
- The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
- You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
- You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
- Available Grants to consider if you need funding - Click Here
- You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!
Creating a new project
The first thing you have to do if you want to start a new project is submit a new OWASP Project application. Please submit a new project application here.
- You will need to gather the following information together for your application:
A - PROJECT
- Project Name,
- Project purpose / overview,
- Project Roadmap,
- Project links (if any) to external sites,
- Project License,
- Project Leader name,
- Project Leader email address,
- Project Leader wiki account - the username (you'll need this to edit the wiki),
- Project Contributor(s) (if any) - name email and wiki account (if any),
- Project Main Links (if any).
- Check out the Guidelines for OWASP Projects.
- Grant Spending Policy
- Project Spending Policy
- Project Sponsorship Operational Guidelines
OWASP Recommended Licenses
Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?
Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.
OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:
- Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using CC-BY-NC.)
- Revealing to the world your project's source code (its form preferred for modification).
- Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using CC-BY-ND.)
Artifact | Under what conditions can your work be modified and redistributed? | |||
---|---|---|---|---|
As long as modifications are licensed in the same spirit | If credit is appropriately given to you | Under any circumstances | ||
Standalone Tool | Run locally |
|
|
|
Consumed over the network |
| |||
Library |
| |||
Document (includes E-Learning, presentations, books etc.) |
|
|
Funding your Project
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.
Project Release
As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:
- Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
- Link to your wiki page.
- Link to your code repository or a link to where readers can download your project.
- Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.
Project Process Forms
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.
- Project Transition Application:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
- Project Review Application:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.
- Project Donation Application:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
- Project Adoption Request:This form is used when someone is interested in adopting an archived project.
- Project Abandonment Request:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.
- Incubator Project Graduation Application:This application form is for Incubator Projects to apply for Labs Project status.
OWASP Project Lifecycle
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.
The OWASP Project Lifecycle is broken down into the following stages:
Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.
Labs Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.
Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.
OWASP Project Stage Benefits
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.
Incubator
- Financial Donation Management Assistance
- Project Review Support
- WASPY Awards Nominations
- OWASP OSS and OPT Participation
- Opportunity to submit proposal: $500 for Development.
- Community Engagement and Support
- Recognition and visibility of being associated with the OWASP Brand.
Labs
- All benefits given to Incubator Projects
- Technical Writing Support
- Graphic Design Support
- Project Promotion Support
- OWASP OSS and OPT: Preference
Flagship
- All benefits given to Incubator & Labs Projects
- Grant finding and proposal writing help
- Yearly marketing plan development
- OWASP OSS and OPT participation preference
For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.
OWASP Project Graduation
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.
OWASP Project Health Assessment
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
OWASP Project Deliverable/Release Assessment
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.
Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.
The Brand Usage Rules
OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.
The Brand Guideline documents and rules below provide details and instruction on how to use the OWASP logo and brand. The quick reference sheet goes over the basics of the OWASP brand logo and a brief overview of customizable options. The Brand Guidelines document gives the entire description of the OWASP brand, its public use, and the options to customize the logo based on personal desire. The guidelines cover the OWASP signature, size and spacing, colors, imagery, and typefaces.
Rules
The following rules make reference to the OWASP Materials, meaning any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.
- The OWASP Brand may be used to direct people to the OWASP website for information about application security.
- The OWASP Brand may be used in commentary about the materials found on the OWASP website.
- The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
- The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
- The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
- The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
- The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
- The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
- The OWASP Brand may be used by special arrangement with The OWASP Foundation.
Project Icons & Templates
The templates and icons below are the files used for our OWASP Projects. Here you will find icons that you can place on your wiki template to let viewers know what type of project they are looking at, and what stage the project is in. The operational OWASP Project wiki template can be copied onto another project page. If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance
OWASP Operational Wiki Template
OWASP Example Template: DO NOT EDIT
OpenSAMM
Construction:
Deployment:
Governance:
Verification:
Book Cover Files
Below you will find the Adobe Illustrator, Photoshop, and In-Design files for past OWASP Documentation books. You will need a copy of Adobe Creative Suite to edit these files. If you want to use these templates, but do not have Adobe Creative Suite, please contact the OWASP staff for assistance.
Download the Book Cover Zip File
|
|
---|---|
OWASP Project Infrastructure
- OWASP Project Lifecycle: The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.
- Incubator Project: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
- Labs Project: OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
- Flagship Project: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
- Project Benefits: The standard list of resources and incentives made available to project leaders based on their project's current maturity level.
OWASP Project Reviews
- Project Reviews: Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.
- Project Reviewer Pool: The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.
- Project Graduation: The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
- Project Health Assessment: The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document.
- Project Release: A project release refers to the final deliverable a project produces. It is the final product of the project.
- Project Deliverable/Release Review: The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.
OWASP Projects Processes
- Project Processes: The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.
- Project Inception Process: The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.
- Project Donation Process: The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.
- Project Transition Process: The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.
- Project Abandonment Process: The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.
- Incubator Graduation Process: The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
Projects at Conferences
- AppSec Conferences: OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.
- Open Source Showcase: The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.
- OWASP Project Track: The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.
OWASP Projects General
- OWASP Code of Ethics: The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the OWASP About page.
Donate to OWASP Global Projects
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.
This is how your money can help:
- $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
- $100 could help fund OWASP project demos at major conferences.
- $250 could help get our volunteer Project Leaders to speaking engagements.
Samantha Groves: OWASP Program Manager: OWASP Projects
|
|
---|---|
Samantha Groves is the Program Manager at OWASP for our Global Projects. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals.
Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha attained her Prince2 (Foundation) project management certification, and she undertook executive management training in Intellectual Property Strategy from Harvard Business School. . Please see the OWASP Program Manager: Projects Role Description for more information. |
Program Reports
2014
- Project Manager Report: January 10 2014
- Project Manager Report: January 17 2014
- Project Manager Report: January 25 2014
- Project Manager Report: January 31 2014
- Project Manager Report: February 07 2014
- Project Manager Report: February 16 2014
- Project Manager Report: February 21 2014
- Project Manager Report: February 28 2014
- Project Manager Report: March 07 2014
- Project Manager Report: March 14 2014
- Project Manager Report: March 21 2014 - No Report this week. PM was away at AppSec APAC 2014.
- Project Manager Report: March 28 2014
- Project Manager Report: April 04 2014
- Project Manager Report: April 11 2014
- Project Manager Report: April 18 2014
- Project Manager Report: April 25 2014
- Project Manager Report: May 02 2014
- Project Manager Report: May 09 2013 - No Report this week. On Holiday.
- Project Manager Report: May 16 2013 - No Report this week. On Holiday.
- Program Manager Report: May 23 2014
- Project Manager Report: May 30 2013 - No Report this week. On Holiday.
- Program Manager Report: June 06 2014
2013
- GPC Meeting: January 04 2013 Project Manager Report
- GPC Meeting: January 11 2013 Project Manager Report
- GPC Meeting: January 18 2013 Project Manager Report
- GPC Meeting: January 25 2013 Project Manager Report
- GPC Meeting: February 01 2013 Project Manager Report
- GPC Meeting: February 08 2013 Project Manager Report
- GPC Meeting: February 15 2013 Project Manager Report
- GPC Meeting: February 22 2013 Project Manager Report
- Project Manager Report: March 01 2013
- Project Manager Report: March 08 2013
- Project Manager Report: March 15 2013
- Project Manager Report: March 22 2013
- Project Manager Report: March 29 2013
- Project Manager Report: April 05 2013
- Project Manager Report: April 12 2013
- Project Manager Report: April 19 2013
- Project Manager Report: April 26 2013
- Project Manager Report: May 03 2013
- Project Manager Report: May 10 2013
- Project Manager Report: May 17 2013
- Project Manager Report: May 24 2013
- Project Manager Report: May 31 2013
- Project Manager Report: June 07 2013
- Project Manager Report: June 14 2013
- Project Manager Report: June 21 2013 - No Report this week. PM was away at a week long course.
- Project Manager Report: June 28 2013
- Project Manager Report: July 05 2013
- Project Manager Report: July 12 2013
- Project Manager Report: July 19 2013
- Project Manager Report: July 26 2013
- Project Manager Report: August 02 2013 - No Report this week. PM was away at Black Hat & DEFCON 2013.
- Project Manager Report: August 09 2013
- Project Manager Report: August 16 2013
- Project Manager Report: August 23 2013
- Project Manager Report: August 30 2013
- Project Manager Report: September 06 2013 - No Report this week. PM was away.
- Project Manager Report: September 13 2013
- Project Manager Report: September 20 2013
- Project Manager Report: September 27 2013
- Project Manager Report: October 04 2013
- Project Manager Report: October 12 2013
- Project Manager Report: October 18 2013
- Project Manager Report: October 25 2013
- Project Manager Report: November 01 2013
- Project Manager Report: November 08 2013
- Project Manager Report: November 15 2013
- Project Manager Report: November 22 2013 - No Report this week. PM was away at AppSec USA 2013.
- Project Manager Report: November 29 2013 - No Report this week. National Holiday.
- Project Manager Report: December 06 2013
- Project Manager Report: December 13 2013
- Project Manager Report: December 20 2013
2012
- GPC Meeting: August 24 2012 Project Manager Report
- GPC Meeting: September 07 2012 Project Manager Report
- GPC Meeting: September 14 2012 Project Manager Report
- GPC Meeting: September 21 2012 Project Manager Report
- GPC Meeting: September 28 2012 Project Manager Report
- GPC Meeting: October 05 2012 Project Manager Report
- GPC Meeting: October 12 2012 Project Manager Report
- GPC Meeting: October 19 2012 Project Manager Report
- GPC Meeting: November 09 2012 Project Manager Report
- GPC Meeting: November 16 2012 Project Manager Report
- GPC Meeting: November 30 2012 Project Manager Report
- GPC Meeting: December 07 2012 Project Manager Report
- GPC Meeting: December 14 2012 Project Manager Report
- GPC Meeting: December 21 2012 Project Manager Report
- GPC Meeting: December 27 2012 Project Manager Report
Board Meeting Reports
- Board Meeting: August 2012 Project Manager Report
- Board Meeting: September 2012 Project Manager Report
- Board Meeting: October 2012 Project Manager Report
- Board Meeting: November 2012 Project Manager Report
- Board Meeting: December 2012 Project Manager Report
- Board Meeting: January 2013 Project Manager Report
- Board Meeting: February 2013 Project Manager Report
- Board Meeting: March 2013 Project Manager Report
- Board Meeting: April 2013 Project Manager Report
- Board Meeting: May 2013 Project Manager Report
- Board Meeting: June 2013 Project Manager Report
- Board Meeting: July 2013 Project Manager Report
- Board Meeting: August 2013 Project Manager Report
- Board Meeting: September 2013 Project Manager Report
- Board Meeting: November 2013 Project Manager Report
- Board Meeting: December 2013 Project Manager Report
- Board Meeting: February 2014 Project Manager Report
- Board Meeting: April 2014 Project Manager Report
Project Funds
- Chapter and Individual Project Funds
- Project Reboot 2012 Information
- Q1 2013: Funds Allocated to Projects
- Q2 2013: Funds Allocated to Projects
- Q3 2013: Funds Allocated to Projects
- Q4 2013: Funds Allocated to Projects
Program Grants: Proposals Awarded
- Amount: $25,000 USD
- Status: Awarded. The first payment has been allocated to our project budgets. The second invoice has now been sent to Georgia Tech and payment has been received.
- OWASP Development Guide Plan
- OWASP Testing Guide Plan
- OWASP Code Review Guide Plan
- Google Grants Proposal
- Amount: $120,000 USD in Adwords Funds
- Status: Awarded.
- Note: There is no link to show the proposal for this grant. There was a form that was submitted to Google, and we did not receive a record of this form.
- Google Summer of Code
- Amount: $5,500
- Status: Awarded
- Projects breakdown:
- 4 ZAP Projects: $2,000
- 4 OWTF Projects: $2,000
- 1 PHP Security Project: $500
- 1 Hackademics Project: $500
- 1 Modsecurity Project: $500
- Note: Big thank you to Fabio Cerullo for coordinating and managing this award.
- Amount: $15,000 USD
- Status: Awarded.
- Total Funds Awarded: $172,170 USD for 2013.
Proposals Denied
- European Commission Grant Proposal
- Amount: €250,000
- Status: Denied.
- Amount: $112,000 USD
- Status: Denied
- Amount: $25,000 USD
- Status: Denied
- Amount: $30,000 USD
- Status: Denied
- Amount: $55,800 USD
- Status: Denied
Program Presentations: Projects
- OWASP Projects Presentation: Phoenix Chapter Talk
- OWASP Projects Webinar
- OWASP Project Infrastructure: Solutions
Program Manger's Quarterly Strategic Objectives
- Finish planning Project Summit & Execute Summit at AppSec USA.
- Develop & Finish Global Projects Strategy for 2014: Includes Budget
- Finish Fundraising Strategy for 2014: Includes Budget
- Ongoing Objectives for 2013
- Quarterly Report to DHS
- Continue helping leaders reach their grant required milestones
- Finalise graphic design delivery from Patrick: 2 pieces to go.
- Marketing: Work with Sarah to solicit feedback from community on Marketing deliverables and finalize relationship with Patrick and Denita.
- Project Review Process - Work with new Technical Project advisors to finalize project review criteria and process.
- Grants: Develop a grant strategy for rest of 2013 and 2014, utilizing fundraising intern(s) as part of this strategy.
- Ongoing Objectives for 2013
- Work with Project leaders to reach grant required milestones - ONGOING
- Develop a project charter outlining appropriate grant revenue spending and grant required milestones. - DUE IN SEPTEMBER - ONGOING
- Oversight of Marketing and Graphic Design deliverables (Phase 2/Phase 3) provided by 3rd party contractor
Contact the Program Manager
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Projects Manager, Samantha Groves.
OWASP Representation
- Samantha Groves: OWASP Program Manager: OWASP Projects
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Projects Manager, Samantha Groves.
Subcategories
This category has the following 132 subcategories, out of 132 total.
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
R
S
T
V
W
X
Y
Pages in category "OWASP Project"
The following 200 pages are in this category, out of 419 total.
(previous page) (next page)A
B
C
- Classic ASP Security Project
- GPC Project Details/OWASP Cloud ‐ 10 Project
- GPC Project Details/OWASP Code Crawler
- Code review
- OWASP Codes of Conduct
- Collaborate
- OWASP Common Numbering Project
- GPC Project Details/OWASP CBT Project
- Cornucopia - Ecommerce Website Edition - Wiki Deck
- OWASP Corporate Application Security Rating Guide
- OWASP Cross-Site Request Forgery Research Pool
- OWASP CSRFGuard Project/es
- CSRFProtector Project
E
G
H
J
M
O
- O-Saft
- O-Saft/Documentation
- OWASP O2 Platform Project - Project Identification
- Octoms
- Opa
- Projects/Opa
- OWASP OVAL Content Project
- OWASP - Cyber Security in the Boardroom
- OWASP 1-Liner
- OWASP A&D Project
- OWASP Academy Portal Project
- OWASP AJAX Crawling Tool
- OWASP Amass Project
- OWASP Androick Project
- OWASP Anti-Ransomware Guide Project
- OWASP API Security Project
- OWASP APK DISSECTOR
- OWASP Application Fuzzing Framework Project
- OWASP Application Security Curriculum
- OWASP Application Security Guide For CISOs Project
- OWASP Application Security Guide For CISOs Project v2
- OWASP Application Security Program Quick Start Guide Project
- OWASP AppSec Designer Security Functional Requirements & Countermeasures Libraries
- OWASP AppSec Pipeline
- OWASP Appsec Tutorial Series
- OWASP AppSensor Handbook
- OWASP AppSensor Project
- OWASP ASP.NET MVC Boilerplate Project
- OWASP Assimilation Project
- OWASP ASVS Assessment tool
- OWASP Attack Surface Detector Project
- OWASP Auth
- OWASP Automated Threats to Web Applications
- OWASP Autosploit Project
- OWASP Barbarus
- OWASP Basic Expression & Lexicon Variation Algorithms (BELVA) Project
- OWASP Best Practices in Vulnerability Disclosure and Bug Bounty Programs
- OWASP Broken Web Applications Project
- OWASP Browser Security Project
- OWASP Bug Logging Tool
- OWASP Bywaf Project
- OWASP Cheat Sheet Series
- OWASP Chinese Project
- OWASP CISO Survey Project
- OWASP Click Me Project
- OWASP Cloud Security Mentor
- OWASP Cloud Security Project
- OWASP Cloud Testing Guide
- OWASP Cloud-Native Application Security Top 10
- OWASP Code Project Template
- OWASP Code Pulse Project
- OWASP Container Security Verification Standard (CSVS)
- OWASP Cornucopia
- OWASP Counter Project
- OWASP Crossword of the Month
- OWASP Crowdtesting
- OWASP Cyber Defense Matrix
- OWASP D4N155
- OWASP Damn Vulnerable Crypto Wallet
- OWASP Damn Vulnerable Web Sockets (DVWS)
- OWASP DeepViolet TLS/SSL Scanner
- OWASP DefectDojo Project
- OWASP Dependency Check
- OWASP Dependency Track Project
- OWASP Desktop Goat and Top 5 Project
- OWASP DevSecOps Maturity Model
- OWASP DevSlop Project
- OWASP Documentation Project Template
- OWASP Droid Fusion
- OWASP Droid10 Project
- OWASP DVSA
- OWASP Ecuador
- OWASP EJSF Project
- OWASP Embedded Application Security
- OWASP Encoder Comparison Reference Project
- OWASP Example Incubator
- OWASP Excess XSS Project
- OWASP Faux Bank Project
- OWASP File Hash Repository
- OWASP Financial Information Exchange Security Project
- OWASP Find Security Bugs
- OWASP Focus
- OWASP Framework Security Project
- OWASP Game Security Framework Project
- OWASP Global Chapter Meetings Project
- OWASP Glue Tool Project
- OWASP Go Secure Coding Practices Guide
- OWASP Good Component Practices Project
- OWASP Google Assistant
- OWASP Guide Project
- OWASP H2H Tool Project
- OWASP HA Vulnerability Scanner Project
- OWASP Hackademic Challenges Project
- OWASP Hacking Lab
- OWASP Hacking-the Pentest Tutor Game
- OWASP Hive Project
- OWASP Honeypot Project
- OWASP ICS / SCADA Security Project
- OWASP iGoat Tool Project
- OWASP iMAS iOS Mobile Application Security Project
- OWASP Incident Response Project
- OWASP Information Security Metrics Bank
- OWASP Insecure Web Components Project
- OWASP Intelligent Intrusion Detection System
- OWASP Internet of Things Project
- OWASP IOT Analytics 4Industry4
- OWASP iSABEL Proxy Server
- OWASP ISO IEC 27034 Application Security Controls Project
- OWASP ISO Project
- OWASP Java Encoder Project
- OWASP Java File I O Security Project
- OWASP Java J2EE Secure Development Curriculum
- OWASP Java Uncertain Form Submit Prevention
- OWASP JavaScript Sandboxes
- OWASP JAWS Project
- OWASP JOTP Project
- OWASP JSEC CVE Details
- OWASP JSON Sanitizer
- OWASP Jupiter
- OWASP KALP Mobile Project
- OWASP Kates Project
- OWASP Knowledge Based Authentication Performance Metrics Project
- OWASP Knowledge Graph
- OWASP LAPSE Project
- OWASP Learning Platform Project
- OWASP Lock It
- OWASP Logging
- OWASP LWAF