This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "OWASP Spring Of Code 2007"

Jump to: navigation, search
Line 42: Line 42:
! [[SpoC 007 - Attacks Reference Guide|Attacks Reference Guide]]
! [[SpoC 007 - Attacks Reference Guide|Attacks Reference Guide]]
| NSRAV Security Research Group
| NSRAV Security R&D
| 5,000
| 5,000
Line 162: Line 162:
== Overview ==
== Overview ==

Revision as of 16:30, 13 September 2007

Main Links


16 July 2007 – OWASP is funding over 27 new application security projects this Spring with over $115,000. There are a variety of tools, documents, and other projects in the works. These projects are well underway and are targeted to be complete by the end of October. Congratulations to all the participants - everyone is looking forward to your work!

Following the closing of the submissions see, below, the table of results

Table of results - All SpoC Projects

SpoC Project Name Author Value (US$)
The OWASP Web Security Certification Framework Mark Curphey 20,000
SqlMap Bernardo Damele 2,500
OWASP Site Generator Boris 7,000
Attacks Reference Guide NSRAV Security R&D 5,000
The Scholastic Application Security Assessment Project Eric Sheridan and

Dr. Goran Trajkovski

Inspekt: Input filtering and validation library for PHP Ed Finkler 5,000
Code review Project Eoin Keary 5,000
OWASP Certification Project Matteo Meucci 5,000
OWASP Education Project Sebastien Deleersnyder 5,000
OWASP The Anti-Samy Project Arshan Dabirsiaghi 5,000
Security throughout the SDLC Keith Casey 3,000
OWASP WebGoat Solutions Guide Erwin Geirnaert 2,500
OWASP WeBekci Project Bunyamin Demir 2,500
Python Tainted Mode Denis 2,500
WebScarab NG Security Test Automation Darren Edmonds 2,500
Refresh Attacks list Przemyslaw 'rezos' Skowron 2,500
Best Practices & Countermeasures Jim 2,500
OWASP brand Paulo Coimbra 2,500
Web Application Security put into practice Heiko Webers 2,500
OWASP JBroFuzz Project Subere 2,500
Owasp Orizon Project Paolo Perego 2,500
Enigform: Firefox Addon for OpenPGP signing of HTTP requests Arturo (Buanzo) Busleiman 2,500
OWASP LiveCD Education Project Josh Sweeney 2,500
OWASP Java Project Erwin Geirnaert 2,500
OWASP LiveCD Project Joshua Perrymon 2,500
Interim @ Aspect Offices Andy Gocke 10,000
Help with SpoC project management Paulo Coimbra 2,500


290px-OWASP SpoC2007 Logo.jpg

The OWASP Spring of Code 2007 (SpoC 007) aims to financially sponsor contributions to OWASP Projects. SpoC 007 follows up the successful AoC 06 (OWASP Autumn Of Code 2006) in which 9 projects were sponsored and greatly improved.

The objective of SpoC 007 is to allow contributors to allocate considerable resources on (existent or new) OWASP projects which are relevant and benefitial to the OWASP community.

The initial Budget for SpoC 007 will be $110,000 USD, and it is funded by OWASP (using current membership fees and profits from past conferences) and newly joined members (currently SPI Dynamics and EDS). In parallel with the Request for Proposals OWASP is also doing a membership drive where all membership fees commited during that period will be allocated to SpoC 007 projects (the new members have the option to chose which projects they would like to sponsor)

The SpoC 007 structure and organization is very similar to the AoC 06 (see OWASP Autumn Of Code 2006, OWASP Autumn of Code 2006 - Applications and OWASP Autumn of Code 2006 - Selection for more details.) whereby the major changes are: Bigger budget (with a $20,000 USD sponsorship), the special project: "10 Donations to Open Source projects" and an Intership

The OWASP Spring Of Code 2007 was launched on the 14th of March 2007 (see OWASP Spring Of Code 2007 : Press Release) and is not connected to the Google Summer of Code.

For more details please contact Dinis Cruz (dinis.cruz at owasp dot net) directly.

SpoC 007 Budget

The current budget is $110,000 USD (subject to increase pending new memberships):

  • Funding sources:
    • $92,000 USD - OWASP
    • $9,000 USD - SPI Dynamics (to be allocated to OWASP SiteGenerator project)
    • $9,000 USD - EDS
  • Proposed budget allocation
    • $20,000 on 1 Large project
    • $50,000 on Big projects - 10 projects @ $5,000 each
    • $20,000 on Medium projects - 8 projects @ $2,500 each
    • $10,000 on 1 internship (at Aspect's offices)
    • $10,000 on Donations to Open Source projects: 10 donations of $1,000 each

Projects will be managed by the OWASP Project leader. Oversight will be provided by Andrew van der Stock, Jeff Williams, Dinis Cruz, and/or Dave Wichers.

Payments can be made via Wire Transfer, US Check or PayPal in 2 stages: 50% halfway and 50% on completion.

Note: the proposed budget allocation is just a guideline and the final values will be adjusted based on the sucessful proposals.

Who Can Apply?

There are no geographical, age or any other form of restrictions of who can apply for an "OWASP Spring Of Code 2007" sponsorship.

The only requirement is that the candidate shows the potential to accomplish the project's objectives and the commitment to dedicate the time required to complete it in the allocated time frame (projects must be completed by 9th July 2007).

This means that current active OWASP Project contributors (including Project leaders) can apply (for obvious reasons, the only ones that can't apply are Dinis, Dave, Jeff and Andrew)

How To Participate

Select a project you want to work on and write a proposal :)

For ideas on projects that OWASP is looking to sponsor see the current list of Category:OWASP_Projects and the OWASP Spring Of Code 2007 Project Ideas page

To submit a project, you will need to submit it (i.e. post it) on the OWASP Spring Of Code 2007 Applications page (DON'T send your propoposal direcly). Note that no sensitive personal details should be posted in that page (full name, address, credit cards, SSN, ATM pin numbers, private PKI keys, etc...).

Once you are happy with it, send an email to Dinis Cruz (dinis.cruz at owasp dot net) with the following details:

  • Link to your proposal
  • Contact details
  • Additional information about your proposal (for example in the AoC some proposals were supported by a PDF with additional details)

Dinis (and the relevant project leader) can also be contacted to discuss issues related to SpoC 007 applications (for example project ideas, review of draft proposals, etc...)


Main dates

  • 14th March – 'OWASP Spring of Code' initiative is officially launched
  • 9th April - Deadline for project proposals
  • 17th April - Publish of selected projects and start of SpoC projects
  • 9th July - Project Completion, participants to deliver final project report (and receive payment of final 50%)

Project milestones

  • 1st April - Start of Vote for the Donations to Open Source Projects
  • 30th April - End of Vote for the Donations to Open Source Projects
  • 16th May - Update of Project status on OWASP Conference in Italy
  • 17th May - Announcement of the winners of the '10 Donations to Open Source projects' on OWASP Conference in Italy
  • 21st May - Participants to report on project status (and receive payment of initial 50%)

Special Project: 10 $1,000 USD grants to Open Source projects

As part of the SpoC 007 budget, OWASP will distribute 10 $1,000 USD grants to 10 Open Source projects selected as very usefull by the OWASP community.

These grants are a no-strings attached "Thanks for the hard work in creating this tool (which is widely used and appreciated in the OWASP community) and please keep working on the next version".

OWASP Members (and only the members) will be asked to vote on the top 10 Open Source projects they use regularly and find useful. Each corporate member vote will be count for 10 points and each individual members vote count for 1 point.

The payments will be be made to the top 10 scored projects.

Of course that OWASP projects are excluded from the voting since they can apply to SpoC 007 directly.

In the future (i.e. when enough budget is avaialble), OWASP would like to extend this Special Project to include a a $10,000 USD (per project) source code review exercise.

Membership Drive, Specific project sponsorship and match funding

As part of the SpoC 007 initiative OWASP would like to invite individuals and companies that benefit from OWASP projects to join OWASP as a member (see Membership for more details). In addition to the current Membership benefits, new members will be able to allocate their membership fees to projects that are interrested in (for example SPI Dynamics is sponsoring the OWASP SiteGenerator project).

Specific project sponsorship

In addition, if your (i.e. your company) has a particular requirement which a current OWASP project has the potential to fulfill, and you realize that it will be cheaper for you to sponsor that project with a couple of developers, please contact Dinis Cruz with your requirements, ideas, time-scales and budget.

Match Funding

Another alternative will be to 'match fund' OWASP project sponsorships, for example project XYZ gets a sponsorship of $30,000 USD with 15,000 from OWASP and 15,000 from an interrested party

The Rules bit

  • By participating and submiting your application you authorize OWASP to publicize your participation in the program and the results of the program for the purposes of executing on program logistics, including but not limited to announcements of accepted proposals, the text of the accepted proposal and the resulting code from work on the project. Additional details solicited by OWASP as part of the application process, including URLs for personal blogs, will be shared with the public with the accepted applicant's permission.
  • All project's deliverables will be publicly hosted by OWASP.
  • All code / materials created by the participants must be released under an Open Source Initiative approved license. The participant may mirror development on her/his personal infrastructure at her/his option.
  • OWASP reserves the right, at its sole discretion, to revoke any and all privileges associated with participating in this program, and to take any other action it deems appropriate, for no reason or any reason whatsoever. OWASP reserves the right to cancel, terminate or modify the program if it is not capable of completion as planned for any reason.
  • Participants and OWASP is free to use the results, including code, of the OWASP Spring of Code Program in any way they choose provided it is not in conflict with the license under which the code was developed.
  • Basically, if you don't deliver you will NOT be paid
  • No member of the OWASP board is allowed to apply to a SpoC sponsorship (Dinis, Dave, Andrew and Jeff)

The important bit

  • yes there will be a t-shirt available for all participants