Category:OWASP ASDR Project


PROJECT IDENTIFICATION

Project Name: OWASP Application Security Desk Reference (ASDR) Project
Short Project Description: This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.
Project Leader: Leonardo Cavallari Militelli
First Reviewer: William Smith
Second Reviewer: Kenneth Van Wyk
Third Reviewer: Frederick Donovan
Fourth Reviewer: Darren W. Challey
OWASP Board Member: Jeff Williams

SPONSORS & GUIDELINES

Sponsor: OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap

The OWASP Application Security Desk Reference

Welcome to the OWASP Application Security Desk Reference Project. All of the materials here are free and open source. This wiki contains the source material for OWASP's Application Security Desk Reference.

You can:

  • Use the latest materials on the wiki
  • Download a free 965-page PDF
  • Purchase a printed book for the cost of printing

Status

OWASP ASDR Version 1.0 Release August 1, 2008 - VOLUNTEERS NEEDED!
OWASP will release ASDR 1.0 on August 1, 2008. We are currently seeking volunteers who will take responsibility for a part of the ASDR Table of Contents and bring it up to a production level of quality. Join us now to take part in this historic effort.
If you are interested in helping, check the ASDR Table of Contents and OWASP_ASDR_Workplan, then drop a line to Leonardo Cavallari at leonardocavallari@gmail.com. Any help will be appreciated!

What's In It?

The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.

ASDR Table of Contents

Note that any application security risk has a threat agent (attacker) who is using an attack to target a vulnerability (typically a missing or broken countermeasure). If successful, this attack will have both a technical impact and a business impact. There may be one or more associated principles as well. Please refer to the OWASP Risk Rating Methodology for more information about how this works.

What's It For?

The ASDR is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.

Why This Approach?

Application security information cannot be organized into a one-dimensional taxonomy that is useful for all purposes, although many have tried. For example, organizing application security by vulnerability helps tool vendors, but makes it very difficult for architects to select controls. We've adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these categories to help get different views into the complex, interconnected set of topics that is application security.

How Is It Maintained?

The ASDR is the result of work that started in 2000, across projects like VulnXML, WAS-XML, Top Ten, WebScarab, WebGoat, Testing Project, Guide, and others. Although there is already a wealth of information here, we are just starting on this project. We need volunteers to help us complete articles, categorize articles appropriately, eliminate duplication, and more.

Related Projects

The Common Weakness Enumeration (CWE) project at Mitre is a formal list of software weaknesses created to serve as a common language for describing software security weaknesses in architecture, design, or code; serve as a standard measuring stick for software security tools targeting these weaknesses; and provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

The Software Assurance Metrics and Tool Evaluation (SAMATE) project from NIST "supports the Department of Homeland Security's Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods."

Feedback and Participation:

We hope you find the OWASP Honeycomb Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org. To join the OWASP Honeycomb Project mailing list or view the archives, please visit the subscription page.

Articles

Listed on the pages below are all the articles that are a part of the Honeycomb project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.


Subcategories

There are 5 subcategories to this category.


Articles in category "OWASP ASDR Project"

There are 195 articles in this category.
