This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Category:OWASP Java Project"

Jump to: navigation, search
(removing python note since it has no bearing on this page)
m (Shifting the JAVA/JVM pages from a "project" status to a "wiki pages" status, as discussed with the OWASP board)
Line 1: Line 1:
<div style="width:100%;border:0,margin:0;overflow: hidden;">[[File:OWASP_Java_Project_Header.png|link=]]</div>
#REDIRECT [[:Category:Java]]
= Main =
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
== About ==
The OWASP Java™ and JVM Project is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of the project is on guidance for developers and architects using Java frameworks and JVM based technologies for web application development, on OWASP components that use Java and on participation in OWASP projects that use Java and JVM technologies. Moreover, we aim to provide security related guidance for system administrators managing Java and JVM based applications and tools.
The project is not limited to Java. It aims to also address topics around the JVM in general.
Community content is key to security information. The project depends on content from developers throughout the Java and JVM ecosystem.
* Provide deep, rich guidance for Java developers in using the security features of Java and of Java frameworks.
* Address security in relation to the Java Virtual Machine and derived technologies.
* Guide system administrators in managing Java and JVM related components and applications.
* Create guidance for use of OWASP components that are designed for use with Java or other JVM languages.
* Focus on information about working with and on OWASP tools built using Java or other JVM technologies.
* Provide a stream of security related information, like vulnerabilities and security patches, related to the Java and JVM universe.
* Build an ecosystem allowing to all actors interested to discuss, share and learn.
== Licensing ==
OWASP Java™ Project is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
Oracle® and Java™ are [|registered trademarks of Oracle] and/or its affiliates. Other names may be trademarks of their respective owners.
== What's Hot! ==
See the "Tasks and Roadmap" tab for more information.
[[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
== Team ==
Lead: (under discussion with board)
== Meta ==
Last Update: 12/2015
== Other Resources ==
[ Mailing List]
[ GitHub (OWASP)]
== Related Projects ==
* [[OWASP_Project|Main Project Repository]]
* [[Language|Languages Repository]]
* [[OWASP_.NET_Project|OWASP .NET]]
* [[OWASP_Ruby_Project|OWASP Ruby]]
* [[OWASP_Python_Project|OWASP Python]]
* [[OWASP_C/C++_Project|OWASP C/C++]]
* [[OWASP_SQL_Project|OWASP SQL and PL/SQL]]
* [[OWASP_Internet_of_Things_Project|OWASP IoT Security]]
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security]]
| valign="top"  style="padding-left:25px;width:200px;" |
  {| width="200" cellpadding="2"
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=]]
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=]]
  | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
= Project and OWASP Resources =
{| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;" |-
| valign="top" style="border-right: 1px dotted gray; padding-right:25px; width:30%; float:left;" |
== Mailing List ==
[ OWASP Java and JVM Project Mailing List]
| valign="top" style="padding-left:25px; width:30%; min-width:30%; border-right:1px dotted gray; padding-right:25px; float:left;" |
== Twitter Feed ==
[ Twitter, OWASP]
| valign="top" style="padding-left:25px; width:30%; float:left;" |
== Code Repository ==
[ GitHub OWASP Global Repository]
== Related Project Resources ==
[[OWASP_Project|Main Project Repository]]
[[Language|Programming Languages Repository]]
[[OWASP_.NET_Project|OWASP .NET Project]]
[[OWASP_C/C++_Project|OWASP C/C++ Project]]
[[OWASP_Ruby_Project|OWASP Ruby Project]]
[[OWASP_PHP_Project|OWASP PHP Project]]
[[OWASP_Python_Project|OWASP Python Project]]
[[OWASP_SQL_Project|OWASP SQL and PL/SQL Project]]
[[OWASP_DevSec_Project|OWASP DevSec Project]]
[[OWASP_Internet_of_Things_Project|OWASP IoT Security Project]]
[[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
= Project Pages =
== Tools Chain ==
{| width="100%"
| colspan="2" | [[OWASP_SonarQube_Project|OWASP SonarQube Project]]
| width="20" | &nbsp;
| The first goal of the OWASP SonarQube Project is to a create a referential of check specifications targetting OWASP vulnerabilities and that can be detected by SAST tools (Static Application Security Testing). From there, the second goal is to provide a reference implementations of most of those checks in the Open Source SonarQube language analysers (Java, JavaScript, PHP and C#). SonarQube is an Open Source platform for managing code quality.
| colspan="2" | &nbsp;
| colspan="2" | [[OWASP_Dependency_Check|OWASP Dependency Check]]
| width="20" | &nbsp;
| Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. Currently Java, .NET, Ruby, Node.js, and Python projects are supported.
== Libraries ==
{| width="100%"
| colspan="2" | [[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer]]
| width="20" | &nbsp;
| The OWASP HTML Sanitizer is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
| colspan="2" | &nbsp;
| colspan="2" | [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]]
| width="20" | &nbsp;
| The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting.
== General Documents ==
{| width="100%"
| [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
| [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
| [[Cheat_Sheets|OWASP Cheat Sheets Series]]
| [[OWASP_Testing_Project|OWASP Testing Project]]
| [[OWASP_Top_Ten_Project|OWASP Web Top 10]]
| [[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory]]
== Retired, Inactive or Outdated Projects ==
{| width="100%"
| colspan="3" | [[|OWASP ESAPI Project Java Implementation]]
| width="20" | &nbsp;
| The Java and Java EE implementation of ESAPI Project is outdated and integrates various security issues, according to the bug tracker. It is strongly recommended to not employ this library in production code anymore and use alternative OWASP libraries instead. It still is useful for learning purposes.
| width="20" | &nbsp;
| [[|Bug Tracker]]
= Tasks and Roadmap =
== Ongoing Operations ==
{| width="100%"
| colspan="2" | [[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]]
| width="20" | &nbsp;
| General review of all Java and JVM related pages in the wiki.
== Upcoming Operations ==
None at the moment. Everything is ongoing or in early idea state.
== Ideas ==
If you have ideas for new operations, documentations, documents, projects, please drop a line on the mailing list or in a mail to project team.
{| width="100%"
| colspan="2" | Java and JVM security related net resources guide
| width="20" | &nbsp;
| The OWASP Java Project is principally about creating deep, rich guidance for Java and JVM developers using all kind of security resources. The idea is to have an effort of building a internet resource guide for everything arounf the JVM universe. Information, blogs, articles, tools, test servers and more. Important however is that this list is seriously curated.
| colspan="2" | &nbsp;
| colspan="2" | Concrete guidline for Java and JVM developers
| width="20" | &nbsp;
| Clear checklists, around various topics, language, servers and frameworks.
== Archived Operations ==
None at the moment.
= Get involved =
There are many ways of getting involved in an OWASP Documentation projects.
The first step would be to establish contact with the project leaders and/or the entire team. This can be done using a direct and private message, or by joining the public mailing list to say hello.
When it comes to participating in project activities, everything depends on the time you are willing and able to invest. It is however very important to not jump into too many things at the beginning, later having to back out or to let unfinished things behind you. It is much better to start with small tasks, increasing intensity and investment over time.
Please also be patient with expecting the "merge" of your work into the existing project pages and code. As everywhere in live, trust has to be built-up.
The Java and Project has currently multiple tasks open, which can be found on the adequate section of this page. Not all tasks require a wiki account. Please take something you are interested in and start participating.
Work load is not the only outcome when participating in open projects. You are getting a lot of things back: recognition, satisfaction, knowledge and contacts, sometime friends.
Sounds cool? Then jump in...
To get involved join the mailing list, follow this link: [ OWASP Java and JVM Mailing List]
= Project Archives =
The previous version of this JAVA Project home page is archived here: [[OWASP Java Project Archive (8.2010)]]
The category 'Java' should not be employed. Please use the category '<nowiki>[[Category:OWASP_Java_Project]]</nowiki>' instead.
<categorytree mode=pages style="display: block;">Java</categorytree>
=Project About=
{{Template:Project About
| project_name =OWASP Java Project
| project_description = The OWASP Java™ and JVM Project is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies.
| project_license =CC-BY 3.0 for documentation and GPLv3 for code. Oracle® and Java™ are trademarks of Oracle and/or its affiliates.
| leader_name1 =
| leader_email1 =
| leader_username1 =
| contributor_name1 =
| contributor_email1 =
| contributor_username1 =
| mailing_list_name =
| links_url1 =
| links_name1 =
| links_url2 =
| links_name2 =
<headertabs />
'''IMPORTANT: all pages of these project are currently under review. A lot are outdated and are in the process of being removed or updated.''' The review effort is coordinated on this page: [[OWASP Java Project WIPRO 1 2015|Wiki Pages Review Operation - 2015/2016]].
<!-- Wikimedia insert 'Category:OWASP Java Project' classified list here -->
[[Category:OWASP Project]] 
[[Category:OWASP Document]]
[[Category:OWASP Download]]

Revision as of 08:15, 20 January 2016

Redirect to:

Media in category "OWASP Java Project"

This category contains only the following file.