This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Java Project Roadmap"
From OWASP
(→Ideas) |
|||
| Line 22: | Line 22: | ||
Please submit your ideas for the OWASP Java Project here: | Please submit your ideas for the OWASP Java Project here: | ||
| − | * | + | * It would be useful to have a library of J2EE security resources on the web. In addition to URLs, I think these should have short summaries that explain what the resource is about. I've clicked on far too many "J2EE Security" links only to find that the article is about implementing access control in Tomcat. |
| + | * A tool that automatically generates a security policy for a given application could be useful. The tool is first run in learning mode where it maps all the accesses that the application attempts and then generates a policy based on those access attempts. | ||
[[Category:OWASP Java Project]] | [[Category:OWASP Java Project]] | ||
Revision as of 20:14, 8 June 2006
Goals
The OWASP Java Project's overall goal is to...
Produce materials that show J2EE developers and deployers how to deal with most common application security problems throughout the lifecycle.
In the near term, we are focused on the following tactical goals:
- Provide examples of how to prevent Cross Site Scripting attacks in popular web frameworks
- Provide examples of how to prevent SQL Injection in popular data access frameworks
- Provide examples of how to prevent LDAP injection in Java
- A practical guide to implementing a security policy for a Java web application
- Secure configuration guides for popular application servers
Current Tasks
- Decide on the near term tactical goals
- Define this roadmap
Ideas
Please submit your ideas for the OWASP Java Project here:
- It would be useful to have a library of J2EE security resources on the web. In addition to URLs, I think these should have short summaries that explain what the resource is about. I've clicked on far too many "J2EE Security" links only to find that the article is about implementing access control in Tomcat.
- A tool that automatically generates a security policy for a given application could be useful. The tool is first run in learning mode where it maps all the accesses that the application attempts and then generates a policy based on those access attempts.
