OWASP student projects

These projects require some research, thinking, and some hard work, but I think they would be very valuable in getting students to really understand software security. Please contact us at [mailto:owasp@owasp.org?subject=Student_Projects_at_OWASP].


 * 1) AppSec Principles - do some research and flesh out one of the OWASP principles. Talk about how the principle works in general, and then examine how it is applied in various contexts.
 * 2) Attacks - flesh out the list of attacks, develop each one with content and links.
 * 3) Vulnerabilities - work to fill out writeups of vulnerabilities and clean up the vulnerability lists. There's lots of linking to other articles here needed.  We're integrating CLASP, CWE, Fortify, and other sources of vulnerabilities to make the best resource anywhere.
 * 4) Countermeasures - general cleanup and linking of these articles. Probably some stubs in there that need significant writing.
 * 5) AppSec Metrics - this project is harder, but desperately needed. Could involve paper exercises or actual tools.  If someone wants to implement the "software facts" label, that would be a thesis level project
 * 6) Java Project - great opportunity to do research and bring together all the best information in one place for Java developers

Many of these projects are research projects that will help students develop their understanding of how application security works. Students who want to participate should:


 * Choose an article topic from the Principle or Attack page
 * Contact owasp@owasp.org to get guidance on your project
 * Research everything you can find about that topic on the internet (and books)
 * Ensure that you’re not overlapping with other existing OWASP articles
 * Create a clear, well-organized, comprehensive article
 * You can't just copy other people's work -- you have to think and write in your own words
 * Be sure to link with articles you use and any other applicable articles

You can use the "talk" pages associated with each article to propose ideas, ask questions, etc… Members of the OWASP community will respond and guide your work.