This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Zezengorri Code Project"

From OWASP
Jump to: navigation, search
(Main)
(Edicion)
 
(29 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
 
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
==OWASP Code Library Project==
+
==OWASP Code Library Project ==
This  is   Zezengorri  a   library   to  allows   you   to   add   security   in  the  development   IDE   from   the day   one,  of  the   moment   you   decide   implement   security  development   to   your   projects, starting  in  design  phase  of    new projects,  and  in old projects for  see  what  you  miss  detecting the  vulnerabilities   of   the  web   server,  the  computer  and   the   programming   language   before starting   the   development   on  in  parallel   with  the   Lifecycle  software  development.
+
'''Zezengorri''' is a library that allows you to add security to your development IDE from day one. From the moment you decide to implement secure development to your projects.
 +
 
 +
You can start either while designing your new projects or implement it in old projects. You can use it to detect vulnerabilities of your web server and the programming language even before starting the development parallel to the system development life circle.
  
 
==Description==
 
==Description==
When  developers,   team   leaders   or   project   managers   add   security   to   a   web   application,   the   first thing  that   comes   up  is   the  question  of  which   technologies   are  handled  in   my  web   project,   what operating   system   the   web   server   supports,  what  version   of  server   or   what  version  of  the database   the  application  uses,   for  this  Owasp  define  the  threat   modeling   (knowing  what  we have).
+
Whenever developers, team leaders or project managers add security to a web application, the first question that comes to mind is which technologies will be implemented in the web project, what operating system is supported by the web server and on which version the server or database runs. For these reasons, OWASP defined a threat modeling document.  
  
This   project   Zezengorri   is   a   code   library   is   a   downloadable   package   that   adheres   to   the   root   of the   web   project,   and   from   them   this   can,   analyzes   and   seeks   to   collect   in   a   simple   web   page   the characteristics   of   all   the   security   components   for   examples:   if   our   website   uses   or   not   HSTS,   the versions   of   Chipset   active,   the   use   of   SSL   certificate   for   the   web   page   among   other   securities characteristics   important   measure   in   the   during   the   life   cycle   development   software   .   Each   of these   item   is   display   in   a   new   web page   in   a   list   of   item   any   show   if   is   active   or   not,   the   version   of the   plugin   and   a   web link.   That   links   redirect   to   the   CVE   page   and   the   CVE   score   of   this   item. determine   if   the   project   can   be   promoted   to   the   next   category.   The   information   requested   is   also intended   to   help   Project   Leaders   think   about   the   road map   and   feature   priorities,   and   give guidance   to   the   reviews   as   a   result   of   that   effort.
+
This project '''Zezengorri''' is a code library is a downloadable package that adheres to the root of the web project, and from them this can, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if our website uses or not '''HSTS''', the versions of '''Chipset''' active, the use of '''SSL''' certificate for the web page among other securities characteristics important measure in the during the life cycle development software . Each of these item is display in a new web page in a list of item any show if is active or not, the version of the plugin and a web link. That links redirect to the '''CVE''' page and the '''CVE''' score of this item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.
  
Creating  a  new  set  of  project  pages  from   scratch  can  be  a  challenging  task.  By  providing  a sample  layout,  with  instructional  text  and   examples,   the   OWASP  Code  Project  Template  makes  it easier  for  Project  Leaders  to   create   effective  security  projects  and  hence  helps  promote  security.
+
Apart from detecting and resolving security issues, the recompiled information is also useful to project leaders who can use it to create risk-models for the websites they manage.
  
 
==Licensing==
 
==Licensing==
Line 27: Line 29:
 
== Project Resources ==
 
== Project Resources ==
  
[https://github.com/SamanthaGroves Secure Codding Life Cycle]
+
[Https://drive.google.com/file/d/0B6d-UqLnHsOnUTZLTXVLbEZyY0E/view?usp=sharing|Secure Applications Security in IT deparment]
 +
 
 +
[Https://drive.google.com/file/d/0B6d-UqLnHsOnSDlwQW5tNGRKMkxSblVWX1g0RHZuNTJjM2tV/view?usp=sharing|Source Applications Security using  .Net]
 +
 
 +
== Project Leader ==
 +
 
 +
Project leader's name:
 +
 
 +
'''-Gustavo Nieves Arreaza'''
 +
 
 +
Volunteers :
  
[https://github.com/SamanthaGroves Source Codding .Net]
+
'''-Lubyn Rodriguez(PM)'''
  
[https://github.com/SamanthaGroves Security Automate Test]
+
'''-Hernan Pantoja(Developer)'''
  
== Project Leader ==
+
'''-Samuel Morales(Developer)'''
  
Project leader's name:Gustavo Nieves Arreaza
+
'''-Manuel Heyers(Developer)'''
  
 
== Related Projects ==
 
== Related Projects ==
 
Owasp  Secure  Coding  Practiques
 
Owasp  Secure  Coding  Practiques
  
* [[OWASP_Code_Tool_Template]]
+
* [https://www.owasp.org/index.php/Projects/OWASP_Secure_Coding_Practices_-_Qui ck_Reference_Guide/Releases/SCP_v2 Secure_Coding_Practices]
* [[OWASP_Documentation_Project_Template]]
+
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Owasp Zed Attack Framework]
  
 
==Classifications==
 
==Classifications==
Line 60: Line 72:
  
 
== News and Events ==
 
== News and Events ==
* [1 Nov 2017] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization.  Any feedback (good or bad) in the next few weeks would be greatly appreciated.
+
* '''[1 Nov 2017]'''  Release Page Explain the Concept, with a white Paper
* [19 Jan 2018] 1.0  Release Candidate is available for download.  This release provides final bug fixes and product stabilization.  Any feedback (good or bad) in the next few weeks would be greatly appreciated.
+
* '''[3 Apr 2018]''' The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos.
 +
* '''[19 Aug 2018]''' 1.0  Release Candidate is available for download.  This release provides final bug fixes and product stabilization.  Any feedback (good or bad) in the next few weeks would be greatly appreciated.  
 +
* Repository: [https://github.com/VascoArreaza/OWASPZezengorri]
  
 
|}
 
|}
  
 
=FAQs=
 
=FAQs=
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->==How can I participate in our project?==
<span style="color:#ff0000">
+
If you have experience in web development using for example: Node.JS, C# or Java and are interested in learning about applications security please contact us via the official mail: '''[email protected]'''  
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
+
 
</span>
+
==If I am not a programmer can I participate in our project?==
 +
Yes, you can certainly participate in the project if you are not a programmer or technician. The project needs different skills and expertise for different times during its development ,Currently we are looking for IT persons that are willing to investigate how implement and improve the security in applications.  
 +
 
 +
We are looking right now people for make our:
  
==How can I participate in your project?==
+
'''-QA'''
For  this  first  Phase:  If  you  have  experience  in  web  development  with  languages    such  as  Node.JS, C #,  Java.
 
  
And  you  want  to  learn  about  security  on  web  pages.  You  can  participate  please  contact  us  by  the official  mail  of  the  project  leader  Zezengorri
+
'''-Marketing'''
  
==If I am not a programmer can I participate in your project?==
+
'''-Development (using Node.Js and Python)'''
Yes,  you  can  certainly  participate  in  the  project  if  you  are  not  a  programmer  or  technical.   The project  needs  different  skills  and   expertise  and  different  times  during  its  development.  Currently, we  are  looking  for  researchers  to  like  know  how      computer,server,databases  and  network  work and  how  can  secure,  the  web  applications  whe  these  is  use  this  resources;  and  writers  for document  all  we  are  going  to  do.
 
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 83: Line 98:
  
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
The  OWASP  Security  Zenzengorri  Principles  project  is  developed  by  a  worldwide  team  of volunteers.  A  live  update  of  project    contributors  is  found  here .
+
The  OWASP  Security  '''Zenzengorri'''   Principles  project  is  developed  by  a  worldwide  team  of volunteers.  A  live  update  of  project    contributors  is  found  here .
  
The  first  contributors  to  the  project  were:
+
The  first  contributors  to  the  project  are:
*
 
  
= Road Map and Getting Involved =
+
'''-Lubyn Rodriguez(PM)'''
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
'''-Hernan Pantoja(Developer)'''
  
==Roadmap==
+
'''-Samuel Morales(Developer)'''
As of '''''february'' , 2017, the highest priorities for the next 6 months''' are:
 
<strong></strong>'''● Complete  the  first  draft  of  the  Code  Project  Template'''
 
  
'''● Get  other  people  to  review  the  Code  Project  Template  and  provide  feedback'''
+
'''-Manuel Heyers(Developer)'''
  
'''● Incorporate  feedback  into  changes  in  the  Code  Project  Template'''
+
= Road Map and Getting Involved =
  
'''Finalize   the   Code   Project   template   and   have   it   reviewed   to   be   promoted   from   an'''
+
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
+
==Roadmap==
'''Incubator  Project  to  a  Lab  Project'''
+
As of '''''february'' , 2017, the highest priorities for the next 6 months''' are: 
 
+
* Complete the first draft of the Code Project Template
</strong>
+
* Get other people to review the Code Project Template and provide feedback
 
+
* Incorporate feedback into changes in the Code Project Template
As  of  september  , 2017, the highest priorities for the next 6 months   are:<strong>
+
* Finalize the Code Project template and have it reviewed to be promoted from an
 
+
As of '''august , 2017, the highest priorities for the next 6 months''' are:
Release  version  of  library  1.0
+
* Promote the library in conferences
 
+
* Get academic support
'''● Promote   the   library   in   conferences'''
+
* Recruit more volunteers
 
+
As of '''march , 2018, the highest priorities for the next 6 months''' are:
'''● Get   academic   support'''
+
* Release version of library 1.0
 
+
* Fundraise for growth the project
'''● Recruit  more  volunteers'''</strong>Subsequent  Releases  will  add
+
<strong></strong>
 
 
</strong>
 
* Internationalization Support</strong>
 
* Additional Unit Tests
 
* Automated Regression tests</strong></strong>
 
  
 
==Getting Involved==
 
==Getting Involved==
Involvement  in  the  development  and  promotion  of    Code  Project  Template    is  actively encouraged.  Some  of  the  ways  you  can  help  are  as  follows:
 
  
 
===Coding===
 
===Coding===
We  could  implement  some  of  the  later  items  on  the  roadmap  sooner  if  someone  wanted  to  help out  with  unit  or  automated  regression  tests
+
If you have experience in programming in Node.js or Python and you want programming tools for secure applications.
===Localization===
 
Are  you   fluent  in   another  language?  Can  you   help  translate  the  text  strings  in  the    Code  Project Template    into  that  language?
 
  
German French Russian Portuguese
 
  
 
===Testing===
 
===Testing===
Do  you  have  a  flair  for  finding  bugs  in  software?  We  want  to  product  a  high  quality  product,  so any  help
+
Do  you  have  a  flair  for  finding  bugs  in  software?  We  want  to  product  a  high  quality  product,  so any  help   with  Quality  Assurance  would  be  greatly  appreciated.   Let  us  know  if  you  can  offer  your help.
===Feedback===
+
 
Please use the [https://lists.owasp.org/mailman/listinfo/OWASP_Code_Project_Template Code Project Template project mailing list] for feedback about:
 
<ul>
 
<li>What do like?</li>
 
<li>What don't you like?</li>
 
<li>What features would you like to see prioritized on the roadmap?</li>
 
</ul>
 
  
 
=Minimal Viable Product=
 
=Minimal Viable Product=
<span style="color:#ff0000">
+
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
+
The functionalities of this code library are when it is downloaded and implemented.
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmapAnd it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.
+
-Detect vulnerabilities
</span>
+
-Compare vulnerabilities, with an updated database online.
 +
  -Ranking the severity of vulnerabilities
 +
-Show how fix the vulnerabilities
 +
-Define you own security test in you own program language.
  
The Code Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.
+
= Media =
 
 
It would also be ideal if the sample text was translated into different languages.
 
 
 
=Project About=
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
The  functionalities  of  this  code  library  are  when  it  is  downloaded  and  implemented.
 
* -Detect  vulnerabilities
 
* -Relate  vulnerabilities,  with  an  updated  database  online.
 
* -Ranking  the  severity  of  vulnerabilities  with  their  critical.
 
* -Describe  solutions  for  fix  the  vulnerabilities
 
* -Help  with  the  implementation  of  classes  and  functions  to  implement  secure development
 
* Teach  about  secure  coding  subject  to  developer  team
 
{{:Projects/OWASP_Example_Project_About_Page}}
 
  
 +
-How Implement secure applications in IT: [[File:SDLC y Owasp English.pdf|thumb]]
 +
-Secure you part of the Deal: [[File:Clouds Security and OWASP.pdf|thumb]]
  
__NOTOC__ <headertabs></headertabs>  
+
__NOTOC__ <headertabs>Media</headertabs>
  
 
[[Category:OWASP Project]]   
 
[[Category:OWASP Project]]   

Latest revision as of 14:22, 14 October 2019

OWASP Project Header.jpg

OWASP Code Library Project

Zezengorri is a library that allows you to add security to your development IDE from day one. From the moment you decide to implement secure development to your projects.

You can start either while designing your new projects or implement it in old projects. You can use it to detect vulnerabilities of your web server and the programming language even before starting the development parallel to the system development life circle.

Description

Whenever developers, team leaders or project managers add security to a web application, the first question that comes to mind is which technologies will be implemented in the web project, what operating system is supported by the web server and on which version the server or database runs. For these reasons, OWASP defined a threat modeling document.

This project Zezengorri is a code library is a downloadable package that adheres to the root of the web project, and from them this can, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if our website uses or not HSTS, the versions of Chipset active, the use of SSL certificate for the web page among other securities characteristics important measure in the during the life cycle development software . Each of these item is display in a new web page in a list of item any show if is active or not, the version of the plugin and a web link. That links redirect to the CVE page and the CVE score of this item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.

Apart from detecting and resolving security issues, the recompiled information is also useful to project leaders who can use it to create risk-models for the websites they manage.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of these

as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.

Project Resources

Applications Security in IT deparment

Applications Security using .Net

Project Leader

Project leader's name:

-Gustavo Nieves Arreaza

Volunteers :

-Lubyn Rodriguez(PM)

-Hernan Pantoja(Developer)

-Samuel Morales(Developer)

-Manuel Heyers(Developer)

Related Projects

Owasp Secure Coding Practiques

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png

News and Events

  • [1 Nov 2017] Release Page Explain the Concept, with a white Paper
  • [3 Apr 2018] The Inacap Institute and their students also start to participate in the Zezengorri owasp https://www.inacap.cl/tportalvp/alumnos.
  • [19 Aug 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.
  • Repository: [1]

How can I participate in our project?

If you have experience in web development using for example: Node.JS, C# or Java and are interested in learning about applications security please contact us via the official mail: [email protected]

If I am not a programmer can I participate in our project?

Yes, you can certainly participate in the project if you are not a programmer or technician. The project needs different skills and expertise for different times during its development ,Currently we are looking for IT persons that are willing to investigate how implement and improve the security in applications.

We are looking right now people for make our:

-QA

-Marketing

-Development (using Node.Js and Python)

Volunteers

The OWASP Security Zenzengorri Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here .

The first contributors to the project are:

-Lubyn Rodriguez(PM)

-Hernan Pantoja(Developer)

-Samuel Morales(Developer)

-Manuel Heyers(Developer)

Roadmap

As of february , 2017, the highest priorities for the next 6 months are: 

  • Complete the first draft of the Code Project Template
  • Get other people to review the Code Project Template and provide feedback
  • Incorporate feedback into changes in the Code Project Template
  • Finalize the Code Project template and have it reviewed to be promoted from an

As of august , 2017, the highest priorities for the next 6 months are:

  • Promote the library in conferences
  • Get academic support
  • Recruit more volunteers

As of march , 2018, the highest priorities for the next 6 months are:

  • Release version of library 1.0
  • Fundraise for growth the project

Getting Involved

Coding

If you have experience in programming in Node.js or Python and you want programming tools for secure applications.


Testing

Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.


The functionalities of this code library are when it is downloaded and implemented. 

-Detect vulnerabilities
-Compare vulnerabilities, with an updated database online.
-Ranking the severity of vulnerabilities
-Show how fix the vulnerabilities
-Define you own security test in you own program language.

-How Implement secure applications in IT: File:SDLC y Owasp English.pdf -Secure you part of the Deal: File:Clouds Security and OWASP.pdf

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Zezengorri_Code_Project&oldid=255438"