| what
|
is this project?
|
| Name: OWASP Alchemist Project (home page)
|
Purpose:
- A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws. Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE (Spring/Struts) with security built into it right from the inception, step-by-step as it falls under an SDLC. Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
- Security Requirements,
- Threat Risk Modeling,
- Use and Abuse Cases,
- Secure Coding Guideline,
|
| License: GNU General Public License
|
| who
|
is working on this project?
|
| Project Leader(s):
|
| how
|
can you learn more?
|
| Project Pamphlet: View
|
| Project Presentation:
|
| Mailing list: Mailing List Archives
|
| Project Roadmap: View
|
| Key Contacts
|
|
|
|
|
|
