Friday, June 3, 2011

OWASP Project Update

Reposted from http://globalprojectscommittee.wordpress.com/2011/06/03/owasp-projects-overview-last-6-months/ by Paulo Coimbra

A. NEW PROJECTS

* OWASP Common Numbering Project, led by Dave Wichers, this project is developing a new numbering scheme that will be common across OWASP Guides and References.

* OWASP HTTP Post Tool, led by Tom Brennan, this project is a tool for performing web application security assessments focused on availability concerns.

* OWASP Forward Exploit Tool Project, led by Marcos Mateos Garcia, this project aims to develop a tool that exploits the Top 10 2010 A10 (Unvalidated Forward) vulnerability to bypass access control to protected Java application files.

* OWASP Java XML Templates Project, led by Jeff Ichnowski, this is a fast and secure XHTML-compliant template language that runs on a model similar to JSP.

* OWASP ASIDE Project, led by Jing Xie, Bill Chu and John Melton, ASIDE is an abbreviation for Assured Software Integrated Development Environment. It is an Eclipse plugin primarily designed to help students write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes while programs are being written in the IDE.

* OWASP Secure Password Project, led by Josh Sokol, this project will take a two-pronged approach designed to put more nails in the coffin of single-factor authentication: an interactive portal where penetration testers can enter known information about the target, with the results of all data collected going into a large database.

* OWASP Secure the Flag Competition Project, led by Mark Bristow, this project aims to create a different type of competition that encourages secure coding rather than hacking skills.

* OWASP Security Baseline Project, led by Marian Ventuneac, this project aims to benchmark the security of various enterprise security products/services against the OWASP Top 10 risks.

* OWASP ESAPI Objective-C Project, led by Deepak Subramanian, this project is the Objective-C (Cocoa) implementation of ESAPI.

* OWASP Academy Portal Project, led by Martin Knobloch, Ricardo Melo and Konstantinos Papapanagiotou, this project envisages the creation of a portal offering academic material in usable blocks, labs, videos and a forum.

* OWASP Exams Project, led by Jason Taylor, this project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators.

* OWASP Portuguese Language Project, led by Lucas Ferreira and Carlos Serrão, this project aims to coordinate and push forward the initiatives developed to translate OWASP materials into Portuguese.

* OWASP Browser Security ACID Tests Project, led by Dave Wichers, John Wilander and David Lindsay, this project was started to help people better understand browser security issues while also providing browser vendors a forum to compare strategies, vulnerabilities, and new features.

* OWASP Web Browser Testing System Project, led by Isaac Dawson, this project was built to quickly automate and test various browser and user-agents for security issues. It contains all the necessary services required for testing a browser.

* OWASP Java Project, led by Matthias Rohr, this project’s goal is to enable Java and J2EE developers to build secure applications efficiently.

* OWASP Myth Breakers Project, led by Stefano Di Paola and Dinis Cruz, this project is similar to http://dsc.discovery.com/tv/mythbusters but for appsec: urban legends and assumptions regarding appsec will be tested, and there will be a set of examples that prove the correctness or incorrectness of a statement related to the question.

* OWASP LAPSE Project, led by Pablo Martín Pérez and José María Sierra Cámara, LAPSE is designed to help with the task of auditing Java EE Applications for common types of security vulnerabilities found in Web Applications.

* OWASP Software Security Assurance Process, led by Mateo Martínez, this project aims to outline mandatory and recommended processes and practices to manage risks associated with applications.

* OWASP Enhancing Security Options Framework (ESOP Framework), led by Amber Marfatia, the purpose of the framework is to provide a security layer to a given web application / web site via a web service whose functions / modules can be used to protect the site from several specified vulnerabilities.

* OWASP German Language Project, led by Matthias Rohr, this project will provide a foundation, guidance and common terminology for German translations (as well as other German language specific activities) of OWASP documents and parts of the OWASP web site. Furthermore, it will organize, plan and prioritize new language projects such as translations.

* OWASP Mantra Security Framework, led by Abhi M BalaKrishnan, this project is a security framework which can be very helpful in performing all five phases of an attack, including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks.

* OWASP Java HTML Sanitizer, led by Mike Samuel and Jim Manico, this is a fast Java-based HTML sanitizer which provides XSS protection.

* OWASP Java Encoder Project, led by Jeff Ichnowski, this project is a simple-to-use drop-in encoder class with little baggage.

* OWASP WebScarab NG Project, led by Daniel Brzozowsk, this project is a robust tool that assists the user in penetration testing. It is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly.

* OWASP Threat Modelling Project, led by Anurag Agarwal, this project aims to establish a single and inclusive software-centric OWASP Threat Modeling Methodology, addressing vulnerabilities in client and web application-level services over the Internet.

* OWASP Application Security Assessment Standards Project, led by Matteo Michelini, the project's primary objective is to establish common, consistent application security assessment standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed, and what level of assessment is appropriate based on business requirements.

* OWASP Hackademic Challenges Project, led by Anastasios Stasinopoulos and Konstantinos Papapanagiotou, this is an open source project that can be used to test and improve one’s knowledge of web application security.

* OWASP Hatkit Proxy Project, led by Martin Holst Swende, this is an intercepting HTTP/TCP proxy based on the OWASP Proxy, but with several additions.

* OWASP Hatkit Datafiddler Project, led by Martin Holst Swende, this is a tool for performing advanced analysis of HTTP traffic.

* OWASP ESAPI Swingset Interactive Project, led by Cathal Courtney and Fabio Cerullo, this is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library.

* OWASP ESAPI Swingset Demo Project, led by Craig Younkins, this is a web application which demonstrates the many uses of the Enterprise Security API (ESAPI).

* OWASP Web Application Security Accessibility Project, led by Petr Závodský, this project will focus extensively on the issue of web application security accessibility.

* OWASP Cloud-10 Project, led by Vinay Bansal, Shankar Babu Chebrolu, Pankaj Telang, Ken Huang, and Ove Hansen, the goal of the project is to maintain a list of the top 10 security risks faced with Cloud Computing and SaaS models. The list will be maintained with input from the community, security experts, and security incidents at cloud/SaaS providers.

* OWASP Web Testing Environment Project, led by Matt Tesauro, this project was conceived to receive all OWASP Live CD related content.

* OWASP iGoat Project, led by Kenneth R. van Wyk, this project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project, in particular the developer edition of WebGoat.

* Opa, led by David Rajchenbach-Teller, aims to usher in a new generation of web development tools and methodologies.

* OWASP Mobile Security Project – Mobile Threat Model, led by Jack Mannino, this sub-project is a component of the OWASP Mobile Security Project.

* OWASP Codes of Conduct, led by Colin Watson, this project aims to create and maintain OWASP Codes of Conduct. In order to achieve our mission, OWASP needs to take advantage of every opportunity to affect software development everywhere. At the OWASP Summit 2011 in Portugal, the idea arose to try to influence educational institutions, government bodies, standards groups, and trade organizations.

B. PROJECTS/UNDER WORK

* OWASP Cross-Site Request Forgery Research Pool

1 comment:

Tom Brennan said...

So after reading this... you have an idea, you have a pet project... now is the time to join the movement

https://www.owasp.org/index.php/How_to_Start_an_OWASP_Project