This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Project Information:template Anti-Malware Project"

From OWASP
Jump to: navigation, search
(New page: ---- {| style="width:100%" border="0" align="center" ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT INFORMATION''' |- | style="widt...)
 
 
(20 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP XXXX Project'''
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Anti-Malware Project'''<br>Defending Web Infrastructures Against Malware
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
 
  | colspan="7" style="width:85%; background:#cccccc" align="left"|
Projects description here XXXX
+
“Malware is nowadays more than a single enemy: online crime has unified the forces for targeting any online banking customer. Banking Malware is ubiquitous because it’s constantly updated via country-specific configuration files and with modular plugins to fit any banking web application. In addition it can defeat the most sophisticated security protections actually implemented.”
 +
 
 +
This project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions.
 +
The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.
 +
 
 +
The project delivery will be divided into Two parts. The first part will be a document containing guidelines directed to Banking Web Infrastructures owners. This document will be kept intentionally as short as possible and will have the main goal to raise the awareness on Malware threats and to precisely name a series of checklists that should be taken into consideration to significantly improve website security against malware.
 +
 
 +
The second part will be a technical study dynamically updated in wiki-style format. The technical study will be the reference for the guidelines contained in the previous document. This study will try to analyze the most sophisticated Malware Techniques used in the 3 most spread Banking Malware families, as well as discuss the effectiveness of different security protections that are thought to be useful against Malware.
 +
 
 +
The Technical Study will be made up of two teams: MRE (Malware Reverse Engineering Team) and AMTS (Anti-Malware Technology Solutions Team). MRE team will be in charge of studying the malware samples and to inoculate the techniques used against banking Websites; AMTS team will harvest the internet for any Web Infrastructural solution that claims to be Malware Proof for identifying its strengths and weaknesses.
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|
 
  | style="width:15%; background:#7B8ABD" align="center"|
 
'''Key Project Information'''
 
'''Key Project Information'''
 
  | style="width:14%; background:#cccccc" align="center"|
 
  | style="width:14%; background:#cccccc" align="center"|
Project Leader<br>[mailto:XXXX '''XXXX'']
+
Project Leader<br>[[User:Gfedon|'''Giorgio Fedon''']]
  | style="width:14%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|
Project Contibutors<br>[mailto: XXXX '''XXXX'']
+
Project Contibutors<br>[[User:Vicente.aguilera|'''Vicente Aguilera''']]<br>[[User:Giuseppe_Bonfa|'''Giuseppe Bonfa''']]<br>[[User:Nikola_Milosevic|'''Nikola Milosevic''']]
  | style="width:14%; background:#cccccc" align="center"|
+
  | style="width:10%; background:#cccccc" align="center"|
Mailing List<br>[XXXX '''Subscribe here''']<br>[mailto: XXXX '''Use here''']
+
Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-anti-malware '''Subscribe here''']<br>[mailto:[email protected] '''Use here''']
  | style="width:14%; background:#cccccc" align="center"|
+
  | style="width:17%; background:#cccccc" align="center"|
 
License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
License<br>[http://creativecommons.org/licenses/by-sa/3.0/ '''Creative Commons Attribution Share Alike 3.0''']
 
  | style="width:14%; background:#cccccc" align="center"|
 
  | style="width:14%; background:#cccccc" align="center"|
Project Type<br>[[:Category:OWASP_Project#Alpha_Status_Projects|'''Tool''']]
+
Project Type<br>[[:Category:OWASP_Project#Alpha_Status_Projects|'''Document''']]
 
  | style="width:15%; background:#cccccc" align="center"|
 
  | style="width:15%; background:#cccccc" align="center"|
Sponsors<br>if any, add link
+
Sponsors<br>[http://www.mindedsecurity.com '''Minded Security''']
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"  
 
{| style="width:100%" border="0" align="center"  
Line 31: Line 40:
 
  |-
 
  |-
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Tool Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP XXXX Project - Assessment Frame|Please see here for complete information.]]
+
Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Documentation Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP Anti-Malware Project - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
[XXXX ''' XXXX '']
+
[[:OWASP Anti-Malware Project - Awareness Program|Anti-malware Awareness Program]]<br>[[:OWASP Anti-Malware - Knowledge Base|Anti-malware - Knowledge Base]]
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
[XXXX ''' XXXX '']
+
if any, add link(s)
 
  |}
 
  |}
 
----
 
----

Latest revision as of 10:59, 31 January 2012


PROJECT INFORMATION
Project Name OWASP Anti-Malware Project
Defending Web Infrastructures Against Malware
Short Project Description

“Malware is nowadays more than a single enemy: online crime has unified the forces for targeting any online banking customer. Banking Malware is ubiquitous because it’s constantly updated via country-specific configuration files and with modular plugins to fit any banking web application. In addition it can defeat the most sophisticated security protections actually implemented.”

This project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions. The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.

The project delivery will be divided into Two parts. The first part will be a document containing guidelines directed to Banking Web Infrastructures owners. This document will be kept intentionally as short as possible and will have the main goal to raise the awareness on Malware threats and to precisely name a series of checklists that should be taken into consideration to significantly improve website security against malware.

The second part will be a technical study dynamically updated in wiki-style format. The technical study will be the reference for the guidelines contained in the previous document. This study will try to analyze the most sophisticated Malware Techniques used in the 3 most spread Banking Malware families, as well as discuss the effectiveness of different security protections that are thought to be useful against Malware.

The Technical Study will be made up of two teams: MRE (Malware Reverse Engineering Team) and AMTS (Anti-Malware Technology Solutions Team). MRE team will be in charge of studying the malware samples and to inoculate the techniques used against banking Websites; AMTS team will harvest the internet for any Web Infrastructural solution that claims to be Malware Proof for identifying its strengths and weaknesses.

Key Project Information

Project Leader
Giorgio Fedon

Project Contibutors
Vicente Aguilera
Giuseppe Bonfa
Nikola Milosevic

Mailing List
Subscribe here
Use here

License
Creative Commons Attribution Share Alike 3.0

Project Type
Document

Sponsors
Minded Security

Release Status Main Links Related Projects

Provisory Apha Quality
(under review)
Please see here for complete information.

Anti-malware Awareness Program
Anti-malware - Knowledge Base

if any, add link(s)