OWASP ASIDE Project

Main
This project is led by [Jing Xie] & Bill Chu. Other major contributors include Jun Zhu, Heather Richter Lipford, John Melton & Will Stranathan. New Our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities has been accepted by [AppSec USA 2012|http://www.appsecusa.org/]. We look forward to meeting those who are interested in ASIDE in Austin TX. We have presented our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation here.

Take a Look
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this old version of ASIDE DEMO. You will need Adobe Flash to display it. A newer version will soon be uploaded.

Download
The first publicly available ASIDE can be downloaded now. You also need to download the complementary logging facility to make ASIDE work properly. ASIDE is built upon Eclipse IDE for Java EE Developers Version 3.5+.

To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.

Source Code
The source code is located at https://github.com/Jing-Xie/owasp-aside

Research Activities
1. Jing Xie, Heather Richter Lipford, and Bill Chu, Evaluating Interactive Support for Secure Programming, In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA

2. Jing Xie, Bill Chu, Heather Richter Lipford, and John T. Melton, ASIDE:IDE Support for Web Application Security, In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA

3. Jing Xie, Heather Richter Lipford, and Bill Chu, Why do programmers make security errors?, In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA

4. Jing Xie, Bill Chu, and Heather Richter Lipford Interactive Support for Secure Software Development, In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain