This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Zezengorri Code Project

From OWASP
Revision as of 19:34, 25 October 2017 by Gustavo.Arreaza (talk | contribs) (Licensing)

Jump to: navigation, search
OWASP Project Header.jpg

OWASP Code Library Project

This is Zezengorri a library to allows you to add security in the development IDE from the day one, of the moment you decide implement security development to your projects, starting in design phase of new projects, and in old projects for see what you miss detecting the vulnerabilities of the web server, the computer and the programming language before starting the development on in parallel with the Lifecycle software development.

Description

When developers, team leaders or project managers add security to a web application, the first thing that comes up is the question of which technologies are handled in my web project, what operating system the web server supports, what version of server or what version of the database the application uses, for this Owasp define the threat modeling (knowing what we have).

This project Zezengorri is a code library is a downloadable package that adheres to the root of the web project, and from them this can, analyzes and seeks to collect in a simple web page the characteristics of all the security components for examples: if our website uses or not HSTS, the versions of Chipset active, the use of SSL certificate for the web page among other securities characteristics important measure in the during the life cycle development software . Each of these item is display in a new web page in a list of item any show if is active or not, the version of the plugin and a web link. That links redirect to the CVE page and the CVE score of this item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Code Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of these

as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.

Project Resources

[Codding Life Cycle]

[Codding .Net]

[Automate Test]

Project Leader

Project leader's name:Gustavo Nieves Arreaza

Related Projects

Owasp Secure Coding Practiques

Classifications

Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png

News and Events

  • [1 Nov 2017] Release Page Explain the Concept, with a white Paper
  • [19 Jan 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.

How can I participate in your project?

For this first Phase: If you have experience in web development with languages such as Node.JS, C #, Java.

And you want to learn about security on web pages. You can participate please contact us by the official mail of the project leader Zezengorri

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers to like know how computer,server,databases and network work and how can secure, the web applications whe these is use this resources; and writers for document all we are going to do.

Volunteers

The OWASP Security Zenzengorri Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here .

The first contributors to the project were:

Roadmap

As of february , 2017, the highest priorities for the next 6 months are: ● Complete the first draft of the Code Project Template

● Get other people to review the Code Project Template and provide feedback

● Incorporate feedback into changes in the Code Project Template

● Finalize the Code Project template and have it reviewed to be promoted from an

Incubator Project to a Lab Project

As of september , 2017, the highest priorities for the next 6 months are:

Release version of library 1.0

● Promote the library in conferences

● Get academic support

● Recruit more volunteers

Subsequent Releases will add

  • Internationalization Support
  • Additional Unit Tests
  • Automated Regression tests

Getting Involved

Involvement in the development and promotion of Code Project Template is actively encouraged. Some of the ways you can help are as follows:

Coding

We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests

Localization

Are you fluent in another language? Can you help translate the text strings in the Code Project Template into that language?

German French Russian Portuguese

Testing

Do you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback

Please use the Code Project Template project mailing list for feedback about:

  • What do like?
  • What don't you like?
  • What features would you like to see prioritized on the roadmap?

The functionalities of this code library are when it is downloaded and implemented.

-Detect vulnerabilities

-Relate vulnerabilities, with an updated database online. -Ranking the severity of vulnerabilities with their criticality. -Describe solutions for fix the vulnerabilities

-Help with the implementation of classes and functions to implement secure development

The functionalities of this code library are when it is downloaded and implemented.

  • -Detect vulnerabilities
  • -Relate vulnerabilities, with an updated database online.
  • -Ranking the severity of vulnerabilities with their critical.
  • -Describe solutions for fix the vulnerabilities
  • -Help with the implementation of classes and functions to implement secure development
  • Teach about secure coding subject to developer team
PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: N/A
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
pending
last reviewed release
pending


other releases