User talk:Amber Marfatia

Jump to: navigation, search

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 17:15, 31 January 2011 (UTC)

Purpose of the framework - Enhancing Security Options Framework (ESOP Framework)

Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities:

1. Remote code execution

2. SQL injection

3. Format string vulnerabilities

4. Cross Site Scripting (XSS)

5. Session hacking

6. Denial of service (DoS) attacks

7. Eavesdropping /Sniffing/ Phishing

8. Identity Spoofing

9. Man-in-the-Middle Attacks

10. Username enumeration

     1. Instrumentation & Audits for:

     2. Critical Business Areas

     3. User Management

     4. Un-usual activities

     5. Interfaces Integrations

11. IIS Tweaks

12. Password Policy

Road map for achieving the said framework is provided in the next section.

Road Map towards creating the new security framework

Project Roadmap: Planning to phase the project execution in following waves:

1. Wave 1: Documentation and Wireframe of the service framework
2. Wave 2: Class and design diagram framework
3. Wave 3: Development of the framework
                 1. Application layer development
                 2. Data layer development
4. Wave 4: Integration
5. Wave 5: Alpha Testing
6. Wave 6: Beta Testing
7. Release & Publish
4. Project links (if any) to external sites: N.A.
5. Project License: GNU GPL V3.0

Timelines to above roadmap will be provided in the subsquent post.