This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Classic ASP Security Project

From OWASP
Revision as of 00:55, 13 June 2008 by Jcmax (talk | contribs) (Deliverables and Progress)

Jump to: navigation, search

Overview

Classic ASP 2.0 and 3.0 applications are still largely used as this technology is more than 10 years old and was largely used. there are thousands of sites on the wild that need guidance on the security arena. This is where OWASP can come up and provide help for “making the Web a better place” and continue spreading the word on security. I have always be a passionate of the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really exited on the idea of sharing my knowledge of this area to the world and what best that though OWASP.

Objectives

Create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries.

Deliverables and Progress

ActivityStatus
  • Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide.
In Progress - 5%
  • Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks
Done - Jun 8, 2008
  • Addition of expression for Code Review Tool to support Classic ASP applications
Done - Jun 12, 2008
  • Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.
Not Started
  • This same module will compliment the OWASP Validation Documentation Project.
Not Started