Difference between revisions of "OWASP Secure Software Development Lifecycle Project"
m (→Presentation) (Tag: Visual edit) |
(→Main) (Tag: Visual edit) |
Line 187: | Line 187: | ||
(3)SecDevOps | (3)SecDevOps | ||
+ | |||
+ | (4)OpenRASP | ||
|2017Q2-Q4 | |2017Q2-Q4 | ||
|RIP | |RIP | ||
+ | BaiDu,Inc | ||
|(1)Best Practice of S-SDLC security Deployment | |(1)Best Practice of S-SDLC security Deployment | ||
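Review bot: the new cell `BaiDu,Inc` added after `|RIP` should follow the company's own spelling and the cell punctuation used elsewhere in the row, i.e. `| Baidu, Inc.`; as written it will render as "BaiDu,Inc" in the table.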
Line 195: | Line 198: | ||
(3)Security Baseline for deployment and devops | (3)Security Baseline for deployment and devops | ||
|OWASP AppSensor | |OWASP AppSensor | ||
+ | OpenRASP | ||
|} | |} | ||
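Review bot: `OpenRASP` is appended as a bare line inside the cell that starts with `|OWASP AppSensor`, so it will run together with that entry rather than read as a second item; separate the two (a comma or a `*` list item inside the cell), and since the first hunk attributes OpenRASP to Baidu, Inc rather than to OWASP, qualify it here if this column is meant to list OWASP projects.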
Line 479: | Line 483: | ||
(3)SecDevOps | (3)SecDevOps | ||
+ | |||
+ | (4)OpenRASP | ||
|2017Q2-Q4 | |2017Q2-Q4 | ||
|RIP | |RIP | ||
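Review bot: this second copy of the table (line 479) receives only the `(4)OpenRASP` line, not the `BaiDu,Inc` cell that the first copy (line 187) gained, so the two copies of the same table now differ; the line offsets confirm it (the first table grows by 3 lines, this one by 2). Either apply the same change here or keep the table in one place and reuse it so the copies cannot drift apart.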
Line 487: | Line 493: | ||
(3)Security Baseline for deployment and devops | (3)Security Baseline for deployment and devops | ||
|OWASP AppSensor | |OWASP AppSensor | ||
+ | OpenRASP | ||
|} | |} | ||
+ | |||
+ | <nowiki>*</nowiki>About OpenRASP | ||
+ | |||
+ | Unlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events including database queries, file operations and network requests etc. | ||
+ | |||
+ | When an attack happens, WAF matches the malicious request with its signatures and blocks it. OpenRASP takes a different approach by hooking sensitive functions and examines/blocks the inputs fed into them. As a result, this examination is context-aware and in-place. It brings in the following benefits: | ||
+ | |||
+ | 1. Only successful attacks can trigger alarms, resulting in lower false positive and higher detection rate; | ||
+ | |||
+ | 2. Detailed stack trace is logged, which makes the forensic analysis easier; | ||
+ | |||
+ | 3. Insusceptible to malformed protocol. | ||
+ | |||
+ | Detailed documents available on github. | ||
Involvement in the development and promotion of the OWASP Secure Software Development Lifecycle Project is actively encouraged! | Involvement in the development and promotion of the OWASP Secure Software Development Lifecycle Project is actively encouraged! |
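Review bot: the new "About OpenRASP" block after `|}` uses `<nowiki>*</nowiki>About OpenRASP` as a heading, which only suppresses the bullet; use the page's heading markup (e.g. `=== About OpenRASP ===`) so it appears in the table of contents. Two wording points in the same hunk: "Only successful attacks can trigger alarms" overstates what the preceding paragraph describes, since the hook fires when a malicious input reaches a hooked sensitive function, whether or not the attack ultimately succeeds, so "only attacks that reach a sensitive function" is more accurate; and "Detailed documents available on github" should carry the repository URL, otherwise the reader has nothing to follow.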