OWASP Zezengorri Code Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

OWASP Code Library Project
Zezengorri is a library that lets you add security to the development IDE from day one, from the moment you decide to bring secure development into your projects: starting in the design phase of new projects, and in old projects to see what you have missed, detecting the vulnerabilities of the web server, the computer and the programming language before starting development or in parallel with the software development life cycle.

Description
When developers, team leaders or project managers add security to a web application, the first question that comes up is which technologies the web project uses: what operating system the web server runs on, what version of the server or what version of the database the application uses. For this, OWASP defines threat modeling (knowing what we have).

The Zezengorri project is a code library, a downloadable package that is placed at the root of the web project. From there it analyzes the project and collects, in a simple web page, the characteristics of all the security components, for example: whether or not our website uses HSTS, the versions of Chipset active, the use of an SSL certificate for the web page, among other security characteristics that are important to measure during the software development life cycle. Each of these items is displayed in a new web page, in a list that shows whether the item is active or not, the version of the plugin and a web link. These links redirect to the CVE page and the CVE score of the item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.
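One way the HSTS and server-version items described above could be derived from a site's response headers, as an added example (not Zezengorri's own code); the function names, the report fields and the sample headers are assumptions constructed for illustration:

```javascript
// Constructed sample headers, not captured from a real server.
const sampleHeaders = {
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "Server": "nginx/1.14.0",
};

// Parse a Strict-Transport-Security value (RFC 6797) into its directives.
function parseHsts(value) {
  const result = { maxAge: null, includeSubDomains: false };
  if (typeof value !== "string") return result;
  for (const part of value.split(";")) {
    const [rawName, ...rest] = part.split("=");
    const name = rawName.trim().toLowerCase();
    // Directive values may be quoted: max-age="31536000"
    const arg = rest.join("=").trim().replace(/^"(.*)"$/, "$1");
    if (name === "max-age" && /^\d+$/.test(arg)) result.maxAge = Number(arg);
    else if (name === "includesubdomains") result.includeSubDomains = true;
  }
  return result;
}

// Build the item list: one entry per component, with an active flag and a version.
function buildInventory(headers, isHttps) {
  const h = {};
  // Header names are case-insensitive, so normalise them first.
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const hsts = parseHsts(h["strict-transport-security"]);
  // Browsers ignore HSTS received over plain HTTP, and max-age=0 removes
  // the policy, so neither case counts as "active".
  const hstsActive = isHttps && hsts.maxAge !== null && hsts.maxAge > 0;

  // Server header form: product[/version], e.g. "nginx/1.14.0".
  const server = /^([^\/\s]+)(?:\/(\S+))?/.exec(h["server"] || "");
  return [
    { item: "HSTS", active: hstsActive, version: null, detail: hsts },
    {
      item: "Web server",
      active: server !== null,
      version: server ? server[2] || null : null,
      detail: server ? server[1] : null,
    },
  ];
}

console.log(buildInventory(sampleHeaders, true));
```

The version reported for the web server is the value a report would then look up against a CVE source; that lookup is left out here.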

Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Code Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.

Licensing
This program is free software: you can redistribute it and/or modify it under the terms of these as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.
 * https://opensource.org/licenses/NPOSL-3.0
 * https://creativecommons.org/licenses/by/4.0/
 * https://opensource.org/licenses/Frameworx-1.0


| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

Project Resources
Secure Coding Life Cycle

Source Coding .Net

Security Automate Test

Project Leader
Project leader's name: Gustavo Nieves Arreaza

Volunteers: Lubyn Rodriguez

Related Projects
OWASP Secure Coding Practices


 * Secure_Coding_Practices
 * Owasp Zed Attack Framework

Classifications

| style="padding-left:25px;width:200px;" valign="top" |

News and Events

 * [1 Nov 2017] Release page explaining the concept, with a white paper.
 * [19 Jan 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.


|}

=FAQs=

How can I participate in your project?
For this first phase: if you have experience in web development with languages such as Node.JS, C# or Java, and you want to learn about security on web pages, you can participate. Please contact us through the official mail of the project leader Zezengorri.

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise at different times during its development. Currently, we are looking for researchers who would like to know how computers, servers, databases and networks work and how to secure the web applications that use these resources; and writers to document everything we are going to do.

= Acknowledgements =

Volunteers
The OWASP Security Zezengorri Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project were:

= Road Map and Getting Involved =

Roadmap
As of February, 2017, the highest priorities for the next 6 months are:

 * Complete the first draft of the Code Project Template
 * Get other people to review the Code Project Template and provide feedback
 * Incorporate feedback into changes in the Code Project Template
 * Finalize the Code Project Template and have it reviewed to be promoted from an Incubator Project to a Lab Project

As of September, 2017, the highest priorities for the next 6 months are:

 * Release version 1.0 of the library
 * Promote the library in conferences
 * Get academic support
 * Recruit more volunteers

Subsequent releases will add:


 * Internationalization Support
 * Additional Unit Tests
 * Automated Regression tests

Getting Involved
Involvement in the development and promotion of Code Project Template is actively encouraged. Some of the ways you can help are as follows:

Coding
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests.

Localization
Are you fluent in another language? Can you help translate the text strings in the Code Project Template into that language?

German French Russian Portuguese

Testing
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback
Please use the Code Project Template project mailing list for feedback about: What do you like? What don't you like? What features would you like to see prioritized on the roadmap?

=Minimal Viable Product=

The functionalities of this code library, once it is downloaded and implemented, are:

 * Detect vulnerabilities
 * Relate vulnerabilities to an updated online database
 * Rank the severity of vulnerabilities by their criticality
 * Describe solutions to fix the vulnerabilities
 * Help with the implementation of classes and functions to implement secure development

=Project About=

The functionalities of this code library, once it is downloaded and implemented, are:
 * Detect vulnerabilities
 * Relate vulnerabilities to an updated online database
 * Rank the severity of vulnerabilities by their criticality
 * Describe solutions to fix the vulnerabilities
 * Help with the implementation of classes and functions to implement secure development
 * Teach the developer team about secure coding