Category:OWASP Project

PROTECT:

OWASP AntiSamy Java Project

an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks (Assessment Criteria v1.0)

OWASP AntiSamy .NET Project

an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. (Assessment Criteria v1.0)

OWASP Enterprise Security API (ESAPI) Project

a free and open collection of all the security methods that a developer needs to build a secure web application. (Assessment Criteria v1.0)

DETECT:

OWASP Live CD Project

this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. (Assessment Criteria v1.0)

OWASP WebScarab Project

a tool for performing all types of security testing on web applications and web services (Assessment Criteria v1.0)

LIFE CYCLE:

OWASP WebGoat Project

an online training environment for hands-on learning about application security (Assessment Criteria v1.0)

PROTECT:

OWASP Development Guide

a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)

OWASP .NET Project

the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)

OWASP Ruby on Rails Security Guide V2

this Project is the one and only source of information about Rails security topics. (Assessment Criteria v1.0)

DETECT:

OWASP Application Security Verification Standard Project

The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying) applications using both security testing and code review techniques. (Assessment Criteria v1.0)

OWASP Code Review Guide

a project to capture best practices for reviewing code. (Assessment Criteria v1.0)

OWASP Testing Guide

a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)

OWASP Top Ten Project

an awareness document that describes the top ten web application security vulnerabilities (Assessment Criteria v1.0)

LIFE CYCLE:

OWASP AppSec FAQ Project

FAQ covering many application security topics (Assessment Criteria v1.0)

OWASP Legal Project

a project focused on providing contract language for acquiring secure software (Assessment Criteria v1.0)

OWASP Source Code Review for OWASP-Projects

a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). (Assessment Criteria v1.0)

PROTECT:

OWASP CSRFGuard Project

a J2EE filter that implements a unique request token to mitigate CSRF attacks (Assessment Criteria v1.0)

OWASP Encoding Project

a project focused on the development of encoding best practices for web applications. (Assessment Criteria v1.0)

OWASP OpenSign Server Project

the purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. (Assessment Criteria v1.0)

OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp

focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP. (Assessment Criteria v1.0)

DETECT:

OWASP Access Control Rules Tester Project

this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. (Assessment Criteria v1.0)

OWASP Code Crawler

this tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. (Assessment Criteria v1.0)

OWASP DirBuster Project

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. (Assessment Criteria v1.0)

OWASP LAPSE Project

an Eclipse-based source-code static analysis tool for Java (Assessment Criteria v1.0)

OWASP Orizon Project

the goal of this project is to develop an extensible code review engine to be used from source code assessment tools. (Assessment Criteria v1.0)

OWASP Pantera Web Assessment Studio Project

a project focused on combining automated capabilities with complete manual testing to get the best results (Assessment Criteria v1.0)

OWASP Report Generator

a project giving security professionals a way to report and keep track of their projects (Assessment Criteria v1.0)

OWASP Site Generator

a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... (Assessment Criteria v1.0)

OWASP Skavenger Project

is a web application security assessment tool kit that passively analyses traffic logged by various MITM proxies as well as other sources and helps to identify various kinds of possible vulnerabilities. (Assessment Criteria v1.0)

OWASP SQLiX Project

a project focused on the development of SQLiX, a full perl-based SQL scanner (Assessment Criteria v1.0)

OWASP Sqlibench Project

this is a benchmarking project of automatic sql injectors related to dumping databases. (Assessment Criteria v1.0)

OWASP Tiger

OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. (Assessment Criteria v1.0)

OWASP WeBekci Project

OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)

OWASP WSFuzzer Project

a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer (Assessment Criteria v1.0)

LIFE CYCLE:

OWASP Live CD Education Project

an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by OWASP Spring Of Code 2007 and Security Distro (Assessment Criteria v1.0)

OWASP Teachable Static Analysis Workbench Project

this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. (Assessment Criteria v1.0)

PROTECT:

OWASP AppSensor Project

a framework for detecting and responding to attacks from within the application. (Assessment Criteria v1.0)

OWASP Backend Security Project

this is a new project created to improve and to collect the existant information about the backend security. (Assessment Criteria v1.0)

OWASP Securing WebGoat using ModSecurity Project

the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. (Assessment Criteria v1.0)

DETECT:

OWASP Tools Project

the OWASP Tools Project's goal is to provide unbiased, practical information and guidance about application security tools. (Assessment Criteria v1.0)

LIFE CYCLE:

OWASP CLASP Project

a project focused on defining process elements that reinforce application security (Assessment Criteria v1.0)

OWASP Education Project

a project to build educational tracks and modules for different audiences. (Assessment Criteria v1.0)

OWASP Internationalization Project

general guidelines to start a new translation project for OWASP site and projects. (Assessment Criteria v1.0)

OWASP Spanish Project

first translation effort to make OWASP site and project completely available in Spanish language. (Assessment Criteria v1.0)

OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project

The idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. (Assessment Criteria v1.0)

OWASP Classic ASP Security Project

it aims in creating a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. (Assessment Criteria v1.0)

OWASP CRM Project

provides a management system for membership, projects, industry and chapters and users of OWASP projects (Assessment Criteria v1.0)

OWASP Cryttr - Encrypted Twitter Project

a way to do some encrypted messaging to a group of distributed people with as little overhead as possible. (Assessment Criteria v2.0)

OWASP CSRFTester Project

gives developers the ability to test their applications for CSRF flaws (Assessment Criteria v1.0)

OWASP Encrypted Syndication Project

complements the OWASP Cryttr - Encrypted Twitter Project and serves other few other front ends that can use Encrypted Syndication Protocol. (Assessment Criteria v2.0)

OWASP EnDe Project

This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. (Assessment Criteria v1.0)

OWASP Google Hacking Project

Google SOAP Search API with Perl (Assessment Criteria v1.0)

OWASP Insecure Web App Project

a web application that includes common web application vulnerabilities (Assessment Criteria v1.0)

OWASP JBroFuzz Project

a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. This project was sponsored by OWASP Spring Of Code 2007 (Assessment Criteria v1.0)

OWASP Joomla Vulnerability Scanner Project

a regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution,XSS, DOS,directory traversal vulnerabilities of a target Joomla! web site

OWASP JSP Testing Tool Project

the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. (Assessment Criteria v1.0)

OWASP Learn About Encoding Project

this project has as its ultimate goal of demystifying the problems related to the study of character encoding (charset encoding). (Assessment Criteria v1.0)

OWASP Mutillidae Project

a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10

OWASP NetBouncer Project

is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. (Assessment Criteria v1.0)

OWASP Open Review Project (ORPRO)

a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. (Assessment Criteria v1.0)

OWASP PHP AntiXSS Library Project

reduce cross-site scripting vulnerabilities by encoding your output (Assessment Criteria v1.0)

OWASP Python Static Analysis Project

the aim of this project is to provide full language support,other Python frameworks support, analysis improvement, reporting capability, documentation, promotion materials: publication-ready article and presentation (Assessment Criteria v1.0)

OWASP Proxy Project

aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. (Assessment Criteria v1.0)

OWASP Sprajax Project

an open source black box security scanner used to assess the security of AJAX-enabled applications (Assessment Criteria v1.0)

OWASP Stinger Project

a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications (Assessment Criteria v1.0)

OWASP Vicnum Project

a lightweight vulnerable web application based on a game played to kill time which demonstrates common web application vulnerabilities such as cross site scripting (Assessment Criteria v1.0)

OWASP Wapiti Project

the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable (Assessment Criteria v1.0)

OWASP Web Application Security Metric using Attack Patterns Project

the project provides attack pattern database along with prototype model (Assessment Criteria v1.0)

OWASP Web 2.0 Project

a place for advanced research of security in the Web 2.0 world (Assessment Criteria v1.0)

OWASP WeBekci Project

this is web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)

OWASP Webslayer Project

a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (Assessment Criteria v1.0)

OWASP Yasca Project

Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools. (Assessment Criteria v1.0)

OWASP ASDR Project

is a reference volume that contains basic information about all the foundational topics in application security (Assessment Criteria v1.0)

OWASP AIR Security Project

investigating the security of AIR applications (Assessment Criteria v1.0)

OWASP AJAX Security Guide

investigating the security of AJAX enabled applications (Assessment Criteria v1.0)

OWASP Anti-Malware Project

describing common flaws in security designs (Assessment Criteria v1.0)

OWASP Application Security Requirements (Assessment Criteria v1.0)

OWASP Best Practices: Use of Web Application Firewalls

the document is aimed primarily at technical decision-makers, especially those responsible for operations and security (Assessment Criteria v1.0)

OWASP Book Cover & Sleeve Design

this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve.

(Assessment Criteria v1.0)

OWASP Boot Camp Project

this project was started to supply a brief information about the OWASP projects. (Assessment Criteria v1.0)

OWASP Career Development Project

The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. (Assessment Criteria v1.0)

OWASP Certification Criteria Project

(Assessment Criteria v1.0)

OWASP Certification Project

our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. (Assessment Criteria v1.0)

OWASP Communications Project

(Assessment Criteria v1.0)

OWASP Content Validation using Java Annotations Project

to explore the use of Java annotations for object validation, specifically for content validation. the result will be a framework which should be easy to use with an existing application. (Assessment Criteria v2.0)

OWASP Flash Security Project

investigating the security of Flash applications (Assessment Criteria v1.0)

OWASP Member Packs/Conference Attendee Packs

this is a project of corporate design to develop an Individual/Member Pack. (Assessment Criteria v1.0)

OWASP Java Project

a project focused on helping Java and J2EE developers build secure applications (Assessment Criteria v1.0)

OWASP Logging Guide

a project to define best practices for logging and log management (Assessment Criteria v1.0)

OWASP ModSecurity Core Rule Set Project

a project to document and develop the ModSecurity Core Rule Set (Assessment Criteria v1.0)

OWASP PCI Project

a project to build and maintain community concensus for managing regulatory risk of web applications (Assessment Criteria v1.0)

OWASP PHP Project

a project focused on helping PHP developers build secure applications (Assessment Criteria v1.0)

OWASP Positive Security Project

a project to learn how companies are working to create a positive security approach on their own resources and use this knowledge to create a set of control, marketing and awareness tools that will be available to promote and construct a positive approach to security worldwide (Assessment Criteria v1.0)

OWASP Scholastic Application Security Assessment Project

a project that is intended to be the first step towards integrating security requirements in academic course curriculum (Assessment Criteria v1.0)

OWASP Security Analysis of Core J2EE Design Patterns Project

a to be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks (Assessment Criteria v2.0)

OWASP Security Spending Benchmarks

provides insight to reduce operational appsec costs (Assessment Criteria v1.0)

Software Assurance Maturity Model (SAMM)

this project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that's tailored to the specific business risks facing the organization.

OWASP Source Code Flaws Top 10 Project

a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review (Assessment Criteria v1.0)

OWASP Validation Project

a project that provides guidance and tools related to validation (Assessment Criteria v1.0)

OWASP WASS Guide

a standards project to develop more concrete criteria for secure applications (Assessment Criteria v1.0)

OWASP Web Application Scanner Specification Project

there will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. (Assessment Criteria v1.0)

OWASP Web Application Security Put Into Practice

real-world web application security for Ruby on Rails, Apache and MySQL (Assessment Criteria v1.0)

OWASP XML Security Gateway Evaluation Criteria

a project to define evaluation criteria for XML Security Gateways (Assessment Criteria v1.0)

OWASP on The Move Project

a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)

OWASP Speakers Project

a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)

OWASP Fuzzing Code Database

a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements. (Assessment Criteria v1.0)

OWASP CAL9000 Project

a JavaScript based web application security testing suite

OWASP Interceptor Project

A testing tool for XML web service and Ajax interfaces.

OWASP Application Security Assessment Standards Project

establish a set of standards defining baseline approaches to conducting differing types/levels of application security assessment (Assessment Criteria v1.0)

OWASP Application Security Metrics Project

identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security (Assessment Criteria v1.0)

OWASP Corporate Application Security Rating Guide

This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.