OWASP Zezengorri Code Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

OWASP Code Library Project
Zezengorri is a library that lets you add security to your development IDE from day one, from the moment you decide to bring secure development into your projects.

You can start while designing new projects or introduce it into existing ones. You can use it to detect vulnerabilities in your web server and programming language even before development starts, in parallel with the system development life cycle.

Description
Whenever developers, team leaders or project managers add security to a web application, the first question that comes to mind is which technologies will be implemented in the web project, what operating system is supported by the web server and on which version the server or database runs. For these reasons, OWASP defined a threat modeling document.

Zezengorri is a code library: a downloadable package that is placed at the root of the web project. From there it scans, analyzes and seeks to collect in a simple web page the characteristics of all the security components, for example: whether or not the website uses HSTS, the active versions of Chipset, the use of an SSL certificate for the web page, and other security characteristics that are important to measure during the software development life cycle. Each of these items is displayed in a new web page, in a list that shows whether the item is active or not, the version of the plugin and a web link. That link redirects to the CVE page and the CVE score of the item. determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the road map and feature priorities, and give guidance to the reviews as a result of that effort.

Apart from detecting and resolving security issues, the collected information is also useful to project leaders, who can use it to create risk models for the websites they manage.
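
The following is an added illustration of the kind of check and report row described above (HSTS status, disclosed component versions, a CVE lookup link per item). It is not Zezengorri's own code; the function names, the sample headers and the lookup URL are assumptions made for the example.

```python
import re

# Placeholder: the page does not name the CVE lookup URL its report links to.
CVE_LOOKUP = "https://cve-lookup.example/search?q={query}"

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if missing or invalid."""
    if not value:
        return None
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:  # RFC 6797: a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

def build_report(scheme, headers):
    """Build report rows: item, active or not, version, CVE lookup link."""
    h = {k.lower(): v for k, v in headers.items()}
    hsts = parse_hsts(h.get("strict-transport-security"))
    # Browsers ignore HSTS sent over plain HTTP, and max-age=0 clears the policy.
    hsts_on = scheme == "https" and hsts is not None and hsts[0] > 0
    rows = [
        {"item": "HTTPS", "active": scheme == "https", "version": None, "link": None},
        {"item": "HSTS", "active": hsts_on, "version": None, "link": None},
    ]
    # Product/version tokens disclosed by the server are what a CVE lookup needs.
    for field in ("server", "x-powered-by"):
        for product, version in re.findall(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)", h.get(field, "")):
            rows.append({"item": product, "active": True, "version": version,
                         "link": CVE_LOOKUP.format(query=f"{product}+{version}")})
    return rows

# Constructed sample response headers, not taken from a real site.
SAMPLE = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
          "Server": "nginx/1.14.0", "X-Powered-By": "PHP/7.2.1"}
```

Calling `build_report("https", SAMPLE)` returns four rows; the same headers served over `http` report HSTS as inactive.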

Licensing
This program is free software: you can redistribute it and/or modify it under the terms of these licenses as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP and any contributions are Copyright © by OWASP Years 2017-2018.
 * https://opensource.org/licenses/NPOSL-3.0
 * https://creativecommons.org/licenses/by/4.0/
 * https://opensource.org/licenses/Frameworx-1.0


 * style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

Project Resources
[https://drive.google.com/file/d/0B6d-UqLnHsOnUTZLTXVLbEZyY0E/view?usp=sharing Secure Applications Security in IT department]

[https://drive.google.com/file/d/0B6d-UqLnHsOnSDlwQW5tNGRKMkxSblVWX1g0RHZuNTJjM2tV/view?usp=sharing Source Applications Security using .Net]

Project Leader
Project leader's name:

-Gustavo Nieves Arreaza

Volunteers:

-Lubyn Rodriguez (PM)

-Hernan Pantoja (Developer)

-Samuel Morales (Developer)

-Manuel Heyers (Developer)

Related Projects
OWASP Secure Coding Practices

 * Secure_Coding_Practices
 * OWASP Zed Attack Framework

Classifications

 * style="padding-left:25px;width:200px;" valign="top" |

News and Events

 * [1 Nov 2017] Release page explaining the concept, with a white paper.
 * [3 Apr 2018] The Inacap Institute and its students also started to participate in OWASP Zezengorri: https://www.inacap.cl/tportalvp/alumnos
 * [19 Aug 2018] 1.0 Release Candidate is available for download. This release provides final bug fixes and product stabilization. Any feedback (good or bad) in the next few weeks would be greatly appreciated.


 * }

=FAQs=

How can I participate in our project?
If you have experience in web development using, for example, Node.js, C# or Java and are interested in learning about application security, please contact us via the official mail: ing.arreaza@gmail.com

If I am not a programmer can I participate in our project?
Yes, you can certainly participate in the project if you are not a programmer or technician. The project needs different skills and expertise at different times during its development. Currently we are looking for IT people who are willing to investigate how to implement and improve security in applications.

Right now we are looking for people to take on our:

-QA

-Marketing

-Development (using Node.js and Python)

= Acknowledgements =

Volunteers
The OWASP Security Zezengorri Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project are:

= Road Map and Getting Involved =

Roadmap
As of February 2017, the highest priorities for the next 6 months are:

● Complete the first draft of the Code Project Template

● Get other people to review the Code Project Template and provide feedback

● Incorporate feedback into changes in the Code Project Template

● Finalize the Code Project Template and have it reviewed to be promoted from an Incubator Project to a Lab Project

As of March 2017, the highest priorities for the next 6 months are:

● Release version of library 1.0

● Promote the library in conferences

● Get academic support

● Recruit more volunteers

Subsequent releases will add:

● Internationalization Support

● Additional Unit Tests

● Automated Regression Tests

Getting Involved
Involvement in the development and promotion of Code Project Template is actively encouraged. Some of the ways you can help are as follows:

Coding
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests.

Localization
Are you fluent in another language? Can you help translate the text strings in the Code Project Template into that language?

German, French, Russian, Portuguese

Testing
Do you have a flair for finding bugs in software? We want to produce a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help.

Feedback
Please use the Code Project Template project mailing list for feedback about: What do you like? What don't you like? What features would you like to see prioritized on the roadmap?

=Minimal Viable Product=

Once it is downloaded and implemented, the functionalities of this code library are:

-Detect vulnerabilities

-Relate vulnerabilities with an updated online database

-Rank the severity of vulnerabilities by their criticality

-Describe solutions to fix the vulnerabilities

-Help with the implementation of classes and functions to implement secure development

=Project About=

Once it is downloaded and implemented, the functionalities of this code library are:
 * Detect vulnerabilities
 * Relate vulnerabilities with an updated online database
 * Rank the severity of vulnerabilities by their criticality
 * Describe solutions to fix the vulnerabilities
 * Help with the implementation of classes and functions to implement secure development
 * Teach the development team about secure coding