
Difference between revisions of "Category:Scala"

(Purpose)
(Secure Coding Libraries)
Line 80: Line 80:
 
| width="20" |  
 
| width="20" |  
 
| The first goal of the OWASP SonarQube Project is to a create a referential of check specifications targeting OWASP vulnerabilities that can be detected by SAST tools (Static Application Security Testing). From there, the second goal is to provide a reference implementations of most of those checks in the Open Source SonarQube language analyzers (<b>Java</b>, JavaScript, PHP and C#). SonarQube is an Open Source platform for managing code quality.
 
| The first goal of the OWASP SonarQube Project is to a create a referential of check specifications targeting OWASP vulnerabilities that can be detected by SAST tools (Static Application Security Testing). From there, the second goal is to provide a reference implementations of most of those checks in the Open Source SonarQube language analyzers (<b>Java</b>, JavaScript, PHP and C#). SonarQube is an Open Source platform for managing code quality.
|}
 
 
== Secure Coding Libraries ==
 
 
{| width="100%"
 
|-
 
| colspan="2" | [[OWASP_AppSensor_Project|OWASP AppSensor]]
 
|-
 
| width="20" | &nbsp;
 
| The AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement intrusion detection and automated response into applications.
 
|-
 
| colspan="2" | [[CSRFGuard|OWASP CSRFGuard]]
 
|-
 
| width="20" | &nbsp;
 
| CSRFGuard is a Java library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.
 
|-
 
| colspan="2" | [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]]
 
|-
 
| width="20" | &nbsp;
 
| The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting.
 
|-
 
| colspan="2" | [[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer]]
 
|-
 
| width="20" | &nbsp;
 
| The OWASP HTML Sanitizer is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
 
|-
 
| colspan="2" | [[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
 
|-
 
| width="20" | &nbsp;
 
| The OWASP Security Logging project provides developers and ops personnel with APIs for logging security-related events. The aim is to let developers use the same set of logging APIs they are already familiar with from over a decade of experience with Log4J and its successors, while also adding powerful security features.
 
|-
 
| colspan="2" | [[OWASP_ESAPI|OWASP Enterprise Security API (ESAPI)]]
 
|-
 
| width="20" | &nbsp;
 
| ESAPI (The OWASP Enterprise Security API) for Java is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. This project has seen major updates as recently as February 2016.
 
 
|}
 
|}
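Review bot: every row of the added "Secure Coding Libraries" table is described in Java terms ("a Java library", "Java web developers", "for Java") although this is the Category:Scala page; a sentence on how these libraries are meant to be used from Scala would make the section fit the category. In the ESAPI row, "as recently as February 2016" is a relative phrasing that will date; consider stating the date of the last major update plainly.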
  

Revision as of 19:02, 5 November 2017

About

The OWASP Scala and JVM Technology Knowledge Base is the clearing house for all information related to building secure web/distributed applications and services based on Java and JVM technologies. The focus of these pages is on guidance for developers and architects using Scala frameworks and JVM-based technologies for backend development.

Purpose

  • Provide deep, rich guidance for Scala developers in using the security features of Scala frameworks.
  • Address security in relation to the Java Virtual Machine and derived technologies.
  • Guide system administrators in managing Scala and JVM related components and applications.
  • Create guidance for use of OWASP components that are designed for use with Scala or other JVM languages.
  • Focus on information about working with and on OWASP tools built using Scala or other JVM technologies.
  • Provide a stream of security related information, like vulnerabilities and security patches, related to the Scala and JVM universe.
  • Build an ecosystem that allows all interested actors to discuss, share and learn.

Licensing

OWASP Java™ and JVM Technology Knowledge Base is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Oracle® and Java™ are trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

What's Hot!

See the "Tasks and Roadmap" tab for more information.

Wiki Pages Review Operation - 2015/2016



Meta

Last Update: 11/5/2017


Other Resources

Mailing List

GitHub (OWASP)


Related Projects

Roadmap

  • Wiki Pages Review Operation - 2016 General review of all Java and JVM related pages in the wiki.
  • Build Java and JVM security related net resources guide
  • The OWASP Java and JVM Technology Knowledge Base is principally about creating deep, rich guidance for Java and JVM developers using all kinds of security resources. The idea is to build an internet resource guide for everything around the JVM universe: information, blogs, articles, tools, test servers and more. It is important, however, that this list is seriously curated.
  • Concrete guideline for Java and JVM developers
  • Clear checklists, around various topics, language, servers and frameworks.


The first step would be to establish contact with the project leaders and/or the entire team. This can be done using a direct and private message, or by joining the public mailing list to say hello.

When it comes to participating in project activities, everything depends on the time you are willing and able to invest. It is, however, very important not to jump into too many things at the beginning and later have to back out or leave unfinished things behind you. It is much better to start with small tasks, increasing intensity and investment over time.

Please also be patient when expecting the "merge" of your work into the existing project pages and code. As everywhere in life, trust has to be built up.

The Java and JVM knowledge base currently has multiple tasks open, which can be found in the appropriate section of this page. Not all tasks require a wiki account. Please take something you are interested in and start participating. Workload is not the only outcome when participating in open projects. You get a lot of things back: recognition, satisfaction, knowledge and contacts, sometimes friends.

Sounds cool? Then jump in...

To get involved join the mailing list, follow this link: OWASP Java and JVM Mailing List



The previous version of this JAVA Project home page is archived here: OWASP Java Project Archive (8.2010)









IMPORTANT: all pages of this project are currently under review. Many are outdated and are in the process of being removed or updated. The review effort is coordinated on this page: Wiki Pages Review Operation - 2015/2016.


(The pages in the "old" category "OWASP Java Project" have to be moved into the category "Java". Work is in progress).


Pages in category "Scala"

This category contains only the following page.