OWASP student projects

These projects require some research, thinking, and some hard work, but I think they would be very valuable in getting students to really understand software security.


 * AppSec Principles - do some research and flesh out one of the OWASP principles. Talk about how the principle works in general, and then examine how it is applied in various contexts.

 * Attacks - flesh out the list of attacks, and develop each one with content and links.

 * Vulnerabilities - work to fill out writeups of vulnerabilities and clean up the vulnerability lists. A lot of linking to other articles is needed here. We're integrating CLASP, CWE, Fortify, and other sources of vulnerabilities to make the best resource anywhere.

 * Countermeasures - general cleanup and linking of these articles. There are probably some stubs in there that need significant writing.

 * AppSec Metrics - this project is harder, but desperately needed. It could involve paper exercises or actual tools. If someone wants to implement the "software facts" label, that would be a thesis-level project.

 * Java Project - a great opportunity to do research and bring together all the best information in one place for Java developers.