This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP Project

From OWASP

Revision as of 23:24, 1 February 2009 by Yiannis (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team.

If you would like to start a new project please review the How to Start an OWASP Project guide. Please contact the Global Project Committee members to discuss project ideas and how they might fit into OWASP. All OWASP projects must be free and open and have their homepage on the OWASP portal. You can read all the guidelines in the Project Assessment Criteria.

Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the OWASP Project Mailing Lists page.

1 Release Quality Projects
2 Beta Status Projects
3 Alpha Status Projects
4 Current Summer of Code 2008 Projects
5 Inactive Projects

Release Quality Projects

Release quality projects are generally the level of quality of professional tools or documents.

We have started the process of defining detailed guidelines which indicate what will be required from an OWASP Project in order for it to be classified an OWASP Release quality project (see Project Assessment Criteria). Please note that not all the projects below have been evaluated under this criteria and might be re-classified once that process is completed.

Tools	Documentation
OWASP AntiSamy Project Java an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks OWASP AntiSamy Project .NET an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. OWASP Live CD Project this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. OWASP WebGoat Project an online training environment for hands-on learning about application security OWASP WebScarab Project a tool for performing all types of security testing on web applications and web services	OWASP AppSec FAQ Project FAQ covering many application security topics OWASP Code Review Guide a project to capture best practices for reviewing code. OWASP Development Guide a massive document covering all aspects of web application and web service security OWASP Education Project a project to build educational tracks and modules for different audiences. OWASP Legal Project a project focused on providing contract language for acquiring secure software OWASP Ruby on Rails Security Guide V2 this Project is the one and only source of information about Rails security topics. OWASP Source Code Review for OWASP-Projects a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). OWASP Testing Guide a project focused on application security testing procedures and checklists OWASP Top Ten Project an awareness document that describes the top ten web application security vulnerabilities

Tools

Documentation

OWASP AntiSamy Project Java: an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks

OWASP AntiSamy Project .NET: an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks.

OWASP Live CD Project: this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite.

OWASP WebGoat Project: an online training environment for hands-on learning about application security

OWASP WebScarab Project: a tool for performing all types of security testing on web applications and web services

OWASP AppSec FAQ Project: FAQ covering many application security topics

OWASP Code Review Guide: a project to capture best practices for reviewing code.

OWASP Development Guide: a massive document covering all aspects of web application and web service security

OWASP Education Project: a project to build educational tracks and modules for different audiences.

OWASP Legal Project: a project focused on providing contract language for acquiring secure software

OWASP Ruby on Rails Security Guide V2: this Project is the one and only source of information about Rails security topics.

OWASP Source Code Review for OWASP-Projects: a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC).

OWASP Testing Guide: a project focused on application security testing procedures and checklists

OWASP Top Ten Project: an awareness document that describes the top ten web application security vulnerabilities

Beta Status Projects

Beta quality projects are complete and ready to use with documentation.

We have defined what is required to reach Beta quality as an OWASP project (see Project Assessment Criteria). Not all projects have been evaluated yet under this criteria and might be re-classified once that process is completed. All projects starting with the OWASP Summer of Code 2008 have been assessed.

Tools	Documentation
OWASP Access Control Rules Tester Project this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. OWASP CSRFGuard Project a J2EE filter that implements a unique request token to mitigate CSRF attacks OWASP DirBuster Project DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. OWASP Encoding Project a project focused on the development of encoding best practices for web applications. OWASP Enterprise Security API (ESAPI) Project a free and open collection of all the security methods that a developer needs to build a secure web application. OWASP JSP Testing Tool Project the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. OWASP LAPSE Project an Eclipse-based source-code static analysis tool for Java OWASP Live CD Education Project an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by OWASP Spring Of Code 2007 and Security Distro OWASP .NET Research a project focused on helping .NET developers build secure applications OWASP Pantera Web Assessment Studio Project a project focused on combining automated capabilities with complete manual testing to get the best results OWASP Report Generator a project giving security professionals a way to report and keep track of their projects OWASP Site Generator a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... OWASP SQLiX Project a project focused on the development of SQLiX, a full perl-based SQL scanner OWASP Sqlibench Project this is a benchmarking project of automatic sql injectors related to dumping databases. OWASP Teachable Static Analysis Workbench Project this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. OWASP Tiger OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. OWASP WeBekci Project OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. OWASP WSFuzzer Project a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer	OWASP Application Security Verification Standard Project The ASVS defines a standard for conducting application security verifications. It covers both automated and manual approaches for assessing applications using both external testing and code review techniques. OWASP AppSensor Project A framework for detecting and responding to attacks from within the application. OWASP Backend Security Project This is a new project created to improve and to collect the existant information about the backend security. OWASP CLASP Project A project focused on defining process elements that reinforce application security OWASP Internationalization Project General guidelines to start a new translation project for OWASP site and projects. OWASP Spanish Project first translation effort to make OWASP site and project completely available in Spanish language. OWASP Tools Project the OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools. OWASP Securing WebGoat using ModSecurity Project the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code.

Tools

Documentation

OWASP Access Control Rules Tester Project: this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool.

OWASP CSRFGuard Project: a J2EE filter that implements a unique request token to mitigate CSRF attacks

OWASP DirBuster Project: DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

OWASP Encoding Project: a project focused on the development of encoding best practices for web applications.

OWASP Enterprise Security API (ESAPI) Project: a free and open collection of all the security methods that a developer needs to build a secure web application.

OWASP JSP Testing Tool Project: the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers.

OWASP LAPSE Project: an Eclipse-based source-code static analysis tool for Java

OWASP Live CD Education Project: an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by OWASP Spring Of Code 2007 and Security Distro

OWASP .NET Research: a project focused on helping .NET developers build secure applications

OWASP Pantera Web Assessment Studio Project: a project focused on combining automated capabilities with complete manual testing to get the best results

OWASP Report Generator: a project giving security professionals a way to report and keep track of their projects

OWASP Site Generator: a project allowing users to create dynamic sites for use in training, web application scanner testing, etc...

OWASP SQLiX Project: a project focused on the development of SQLiX, a full perl-based SQL scanner

OWASP Sqlibench Project: this is a benchmarking project of automatic sql injectors related to dumping databases.

OWASP Teachable Static Analysis Workbench Project: this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype.

OWASP Tiger: OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested.

OWASP WeBekci Project: OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework.

OWASP WSFuzzer Project: a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer

OWASP Application Security Verification Standard Project: The ASVS defines a standard for conducting application security verifications. It covers both automated and manual approaches for assessing applications using both external testing and code review techniques.

OWASP AppSensor Project: A framework for detecting and responding to attacks from within the application.

OWASP Backend Security Project: This is a new project created to improve and to collect the existant information about the backend security.

OWASP CLASP Project: A project focused on defining process elements that reinforce application security

OWASP Internationalization Project: General guidelines to start a new translation project for OWASP site and projects.

OWASP Spanish Project: first translation effort to make OWASP site and project completely available in Spanish language.

OWASP Tools Project: the OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools.

OWASP Securing WebGoat using ModSecurity Project: the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code.

Alpha Status Projects

Alpha quality projects are generally usable but may lack documentation or quality review.

We have started the process of defining detailed guidelines which indicate what will be required from an OWASP Project in order for it to be classified an OWASP Alpha quality project (see Project Assessment Criteria). Please note that the projects below have NOT been evaluated under this criteria and might be re-classified once that process is completed.

Tools	Documentation
OWASP CSRFTester Project gives developers the ability to test their applications for CSRF flaws OWASP EnDe Project This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. OWASP Google Hacking Project Google SOAP Search API with Perl OWASP Insecure Web App Project a web application that includes common web application vulnerabilities OWASP JBroFuzz Project a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. This project was sponsored by OWASP Spring Of Code 2007 OWASP NetBouncer Project is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. OWASP Open Review Project (ORPRO) a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. OWASP PHP AntiXSS Library Project reduce cross-site scripting vulnerabilities by encoding your output OWASP Proxy Project aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. OWASP Sprajax Project an open source black box security scanner used to assess the security of AJAX-enabled applications OWASP Stinger Project a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications OWASP Vicnum Project a lightweight vulnerable web application based on a game played to kill time which demonstrates common web application vulnerabilities such as cross site scripting OWASP Wapiti Project the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable OWASP Web 2.0 Project A place for advanced research of security in the Web 2.0 world OWASP Webslayer Project a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked OWASP Yasca Project Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools.	OWASP AIR Security Project investigating the security of AIR applications OWASP AJAX Security Guide investigating the security of AJAX enabled applications OWASP Anti-Malware Project describing common flaws in security designs OWASP Application Security Assessment Standards Project establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment OWASP Application Security Requirements OWASP Application Security Metrics Project identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security OWASP Best Practices: Use of Web Application Firewalls the document is aimed primarily at technical decision-makers, especially those responsible for operations and security OWASP Book Cover & Sleeve Design this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve. OWASP Career Development Project The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. OWASP Certification Criteria Project OWASP Certification Project our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. OWASP Communications Project OWASP Flash Security Project investigating the security of Flash applications OWASP Honeycomb Project a comprehensive and integrated guide to the fundamental building blocks of application security OWASP Member Packs/Conference Attendee Packs this is a project of corporate design to develop an Individual/Member Pack. OWASP Java Project a project focused on helping Java and J2EE developers build secure applications OWASP Logging Guide a project to define best practices for logging and log management OWASP PHP Project a project focused on helping PHP developers build secure applications OWASP Scholastic Application Security Assessment Project a project that is intended to be the first step towards integrating security requirements in academic course curriculum OWASP Security Spending Benchmarks provides insight to reduce operational appsec costs OWASP Source Code Flaws Top 10 Project a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review OWASP Validation Project a project that provides guidance and tools related to validation OWASP WASS Guide a standards project to develop more concrete criteria for secure applications OWASP Web Application Security Put Into Practice real-world web application security for Ruby on Rails, Apache and MySQL OWASP XML Security Gateway Evaluation Criteria a project to define evaluation criteria for XML Security Gateways OWASP on The Move Project a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. OWASP Speakers Project a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. OWASP Fuzzing Code Database a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements.

Tools

Documentation

OWASP CSRFTester Project: gives developers the ability to test their applications for CSRF flaws

OWASP EnDe Project: This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web.

OWASP Google Hacking Project: Google SOAP Search API with Perl

OWASP Insecure Web App Project: a web application that includes common web application vulnerabilities

OWASP JBroFuzz Project: a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. This project was sponsored by OWASP Spring Of Code 2007

OWASP NetBouncer Project: is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level.

OWASP Open Review Project (ORPRO): a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around.

OWASP PHP AntiXSS Library Project: reduce cross-site scripting vulnerabilities by encoding your output

OWASP Proxy Project: aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch.

OWASP Sprajax Project: an open source black box security scanner used to assess the security of AJAX-enabled applications

OWASP Stinger Project: a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications

OWASP Vicnum Project: a lightweight vulnerable web application based on a game played to kill time which demonstrates common web application vulnerabilities such as cross site scripting

OWASP Wapiti Project: the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable

OWASP Web 2.0 Project: A place for advanced research of security in the Web 2.0 world

OWASP Webslayer Project: a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked

OWASP Yasca Project: Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools.

OWASP AIR Security Project: investigating the security of AIR applications

OWASP AJAX Security Guide: investigating the security of AJAX enabled applications

OWASP Anti-Malware Project: describing common flaws in security designs

OWASP Application Security Assessment Standards Project: establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment

OWASP Application Security Requirements

OWASP Application Security Metrics Project: identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security

OWASP Best Practices: Use of Web Application Firewalls: the document is aimed primarily at technical decision-makers, especially those responsible for operations and security

OWASP Book Cover & Sleeve Design: this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve.

OWASP Career Development Project: The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field.

OWASP Certification Criteria Project

OWASP Certification Project: our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers.

OWASP Communications Project

OWASP Flash Security Project: investigating the security of Flash applications

OWASP Honeycomb Project: a comprehensive and integrated guide to the fundamental building blocks of application security

OWASP Member Packs/Conference Attendee Packs: this is a project of corporate design to develop an Individual/Member Pack.

OWASP Java Project: a project focused on helping Java and J2EE developers build secure applications

OWASP Logging Guide: a project to define best practices for logging and log management

OWASP PHP Project: a project focused on helping PHP developers build secure applications

OWASP Scholastic Application Security Assessment Project: a project that is intended to be the first step towards integrating security requirements in academic course curriculum

OWASP Security Spending Benchmarks: provides insight to reduce operational appsec costs

OWASP Source Code Flaws Top 10 Project: a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review

OWASP Validation Project: a project that provides guidance and tools related to validation

OWASP WASS Guide: a standards project to develop more concrete criteria for secure applications

OWASP Web Application Security Put Into Practice: real-world web application security for Ruby on Rails, Apache and MySQL

OWASP XML Security Gateway Evaluation Criteria: a project to define evaluation criteria for XML Security Gateways

OWASP on The Move Project: a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings.

OWASP Speakers Project: a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings.

OWASP Fuzzing Code Database: a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements.

Current Summer of Code 2008 Projects

The projects placed in this category are under development. After the Season Code being finished, all projects will be moved to the appropriate category - alpha, beta or release quality. See all the projects that are waiting for completion by clicking here.

Inactive Projects

The criteria is still being developed.

Tools	Documentation
OWASP CAL9000 Project a JavaScript based web application security testing suite OWASP Interceptor Project A testing tool for XML web service and Ajax interfaces.	OWASP Corporate Application Security Rating Guide This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.

Tools

Documentation

OWASP CAL9000 Project: a JavaScript based web application security testing suite

OWASP Interceptor Project: A testing tool for XML web service and Ajax interfaces.

OWASP Corporate Application Security Rating Guide: This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.

How to add a new OWASP Project article

You can follow the instructions to make a new OWASP Project article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the OWASP Project category:

[[Category:OWASP Project]]

Subcategories

This category has the following 132 subcategories, out of 132 total.

Pages in category "OWASP Project"

The following 200 pages are in this category, out of 419 total.

(previous page) (next page)

OWASP in Action: Tools for the DISA ASD STIG

A

B

C

D

E

F

OWASP Forward Exploit Tool Project

G

H

I

J

K

Key Project Information:OWASP PCI Project

M

O

(previous page) (next page)

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Project&oldid=52655"

Category:OWASP Project

Release Quality Projects

Beta Status Projects

Alpha Status Projects

Current Summer of Code 2008 Projects

Inactive Projects

How to add a new OWASP Project article

Subcategories

A

B

C

D

E

F

G

H

I

J

L

M

N

O

P

R

S

T

V

W

X

Y

Pages in category "OWASP Project"

A

B

C

D

E

F

G

H

I

J

K

M

O

Navigation menu

Search