Difference between revisions of "Category:OWASP AJAX Security Project"

From OWASP
Jump to: navigation, search
(Introduction)
 
(47 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==Introduction==
+
{{taggedDocument
The OWASP AJAX Security project is being lead by Rohini Sulatycki.
+
| type=old
 +
| lastRevision=2011
 +
}}
  
== Current Project Status: ==
+
[[Category:OWASP Project|AJAX Security Project]]
 +
[[Category:OWASP Tool]]
 +
[[Category:OWASP Alpha Quality Tool]]
 +
[[Category:Inactive Projects]]
  
'''Phase I - Project Approach'''
+
==== Main ====
* Solicit ideas/suggestions from OWASP leads
 
  
* Build project team
+
==Introduction==
 +
The goal of the OWASP AJAX Security project is to identify and document security issues encountered by AJAX applications and document ways to secure these applications. The OWASP AJAX Security project is being lead by Anurag Agarwal.
  
* Create project goal list
+
==Project Roadmap==
  
* Prioritize goals
+
1. Gather existing presentations and pull ideas into OWASP <br>
 +
2. Review AJAX frameworks and identify security issues handled by these frameworks<br>
 +
3. Review AJAX related literature (books, articles, ...)<br>
 +
4. Document ways to secure AJAX applications <br>
  
* Articles
+
==Volunteers Needed==
**  Identify articles that need to be written
+
We are actively seeking contributors to add new sections . If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:abraham_kang[at]yahoo.com<br> Also if you have an idea for new sub-projects then email us.
** Solicit help on articles
 
** Obtain feedback
 
** .......
 
  
== Mailing List ==
 
  
[http://lists.owasp.org/mailman/listinfo/owasp-ajax Click here] to subscribe to the OWASP Ajax Security Project mailing list.
+
== Current Project Status ==
 +
We are currently working on reviewing Ajax frameworks/tools. The intent of the review is to provide an overview of the framework and the security issues handled by the framework.  
  
==AJAX Security Articles==
+
The framework we are currently reviewing is the '''Google Web Toolkit'''[[https://www.owasp.org/index.php/Google_Web_Toolkit]]. If you have experience using GWT and/or are interested in participating in this review please contact us either though the mailing list or emailing anurag.agarwal[at]yahoo.com
  
* [http://www.it-observer.com/articles/1062/ajax_security/ AJAX Security] - nice overview tied into [[OWASP Top Ten]]
+
== Updates ==
 +
Jeff Williams 2/18/2008 article "Reduce your exposure to AJAX threats" can be viewed here[http://www.regdeveloper.co.uk/2008/02/18/simple_ajax_security/print.html]
  
* [[Ajax and Other "Rich" Interface Technologies]] - detailed article from the [[OWASP Guide Project|OWASP Guide]]
+
The SPI Dynamics presentation from BlackHat 2007 can be viewed here [https://www.blackhat.com/presentations/bh-usa-07/Sullivan_and_Hoffman/Whitepaper/bh-usa-07-sullivan_and_hoffman-WP.pdf ]
  
* [[Media:OWASPAppSecEU2006_AJAX_Security.ppt|AJAX Security]] - Andrew van der Stock's presentation from the [[AppSec Europe 2006/Agenda|4th OWASP AppSec Conference held May 2006 in Europe]]
 
  
* [http://www.owasp.org/index.php/Image:OWASPAppSec2006Seattle_Why_AJAX_Applications_More_Likely_Insecure.ppt Why AJAX Applications Are More Likely to Be Insecure (And What To Do About It)] Dave Wicher's presentation from the [[OWASP AppSec Seattle 2006/Agenda|5th OWASP AppSec Conference held Oct. 2006 in Seattle]]
+
==== Project Identification ====
 +
{{:GPC Project Details/OWASP AJAX Security Project | OWASP Project Identification Tab}}
  
* [http://searchappsecurity.techtarget.com/qna/0,289202,sid92_gci1197576,00.html New chapter and verse on AJAX security] - Interview with OWASP's Andrew van der Stock (Part I)
+
__NOTOC__ <headertabs />
  
* [http://searchappsecurity.techtarget.com/qna/0,289202,sid92_gci1198071,00.html?asrc=SS_CLA_302559&psrc=CLT_92 Helping AJAX developers stay ahead of bad guys] - Interview with OWASP's Andrew van der Stock (Part II)
 
  
* [http://www.net-security.org/article.php?id=956 Shreeraj Shah on Top Ten Ajax Vulnerabilities]
+
== Mailing List ==
  
* [http://www.owasp.org/images/6/6a/KC_Dec2006_Ajax_Security_Concerns.pdf Rohini Sulatycki on Ajax Security Concerns]
+
[http://lists.owasp.org/mailman/listinfo/owasp-ajax Click here] to subscribe to the OWASP Ajax Security Project mailing list.
 
 
[[Category:OWASP Project]]
 

Latest revision as of 13:17, 21 February 2016

This page contains out-of-date content. Please help OWASP to FixME.
Last revision (yyyy-mm-dd): 2011

Main

Introduction

The goal of the OWASP AJAX Security project is to identify and document security issues encountered by AJAX applications and document ways to secure these applications. The OWASP AJAX Security project is being lead by Anurag Agarwal.

Project Roadmap

1. Gather existing presentations and pull ideas into OWASP
2. Review AJAX frameworks and identify security issues handled by these frameworks
3. Review AJAX related literature (books, articles, ...)
4. Document ways to secure AJAX applications

Volunteers Needed

We are actively seeking contributors to add new sections . If you are interested in volunteering for the project, or have a comment, question, or suggestion, please drop me a line mailto:abraham_kang[at]yahoo.com
Also if you have an idea for new sub-projects then email us.


Current Project Status

We are currently working on reviewing Ajax frameworks/tools. The intent of the review is to provide an overview of the framework and the security issues handled by the framework.

The framework we are currently reviewing is the Google Web Toolkit[[1]]. If you have experience using GWT and/or are interested in participating in this review please contact us either though the mailing list or emailing anurag.agarwal[at]yahoo.com

Updates

Jeff Williams 2/18/2008 article "Reduce your exposure to AJAX threats" can be viewed here[2]

The SPI Dynamics presentation from BlackHat 2007 can be viewed here [3]


Project Identification

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP AJAX Security Project

Purpose: The goal of the OWASP AJAX Security project is to dentify and document security issues encountered by AJAX applications and document ways to secure these applications.

License: N/A

who is working on this project?
Project Leader: Abraham Kang @

Project Maintainer:

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: N/A

Project Roadmap: To view, click here

Main links: N/A

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Abraham Kang @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
First Release - Unknown Date - (no download available)

Release Leader: N/A

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0



Mailing List

Click here to subscribe to the OWASP Ajax Security Project mailing list.

Subcategories

This category has only the following subcategory.

O

Pages in category "OWASP AJAX Security Project"

The following 3 pages are in this category, out of 3 total.

Media in category "OWASP AJAX Security Project"

This category contains only the following file.