Difference between revisions of "Category:OWASP ASDR Project"

Line 27: Line 27:
  
 
'''[[ASDR Table of Contents]]'''
 
'''[[ASDR Table of Contents]]'''
* Section 1: [[ASDR TOC Principles]]
+
* Section 1: [[Category:Principle]]
* Section 2: [[ASDR TOC Threat Agents]]
+
* Section 2: [[Category:Threat Agent]]
* Section 3: [[ASDR TOC Attacks]]
+
* Section 3: [[Category:Attack]]
* Section 4: [[ASDR TOC Vulnerabilities]]
+
* Section 4: [[Category:Vulnerability]]
* Section 5: [[ASDR TOC Control]]
+
* Section 5: [[Category:Control]]
* Section 6: [[ASDR TOC Technical Impacts]]
+
* Section 6: [[Category:Technical Impact]]
* Section 7: [[ASDR TOC Business Impacts]]
+
* Section 7: [[Category:Business Impact]]
  
 
Note that any application security risk has a threat agent (attacker) who is using an '''attack''' to target a '''vulnerability''' (typically a missing or broken '''control'''). If successful, this attack will have both a '''technical impact''' and a '''business impact'''.  There may be one or more associated '''principles''' as well. Please refer to the [[OWASP Risk Rating Methodology]] for more information about how this works.
 
Note that any application security risk has a threat agent (attacker) who is using an '''attack''' to target a '''vulnerability''' (typically a missing or broken '''control'''). If successful, this attack will have both a '''technical impact''' and a '''business impact'''.  There may be one or more associated '''principles''' as well. Please refer to the [[OWASP Risk Rating Methodology]] for more information about how this works.
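
Review bot: In the seven replaced "Section" lines, `[[Category:Principle]]` and its six siblings are written without a leading colon, so MediaWiki treats each one as a category assignment for this page rather than as a link, and the rendered Table of Contents shows "Section 1:" through "Section 7:" with nothing after them. Write each entry as a link, for example `* Section 1: [[:Category:Principle]]`, and likewise for Threat Agent, Attack, Vulnerability, Control, Technical Impact and Business Impact.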

Revision as of 18:04, 9 March 2009

This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

PROJECT IDENTIFICATION

Project Name: OWASP Application Security Desk Reference (ASDR) Project

Short Project Description: This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.

Project Key Information:

  • Project Leader: Leonardo Cavallari Militelli
  • Project Contributors: (if any)
  • Mailing List: Subscribe here
  • License: Creative Commons Attribution Share Alike 3.0
  • Project Type: Documentation
  • Sponsors: OWASP SoC 08, iBLISS Segurança&Inteligência

Release Status: Alpha Quality. Please see here for complete information.

Main Links:

  • OWASP ASDR Workplan
  • Old Honeycomb Roadmap

Related Projects:

  • OWASP Honeycomb Project
  • Common Weakness Enumeration (CWE)
  • Software Assurance Metrics and Tool Evaluation (SAMATE)



The OWASP Application Security Desk Reference

Welcome to the OWASP Application Security Desk Reference Project! This project is the comprehensive reference for all OWASP projects and application security in general. All of the materials here are free and open source.

You can now:

  • Use the latest materials on the wiki
  • Download a free 600 page PDF
  • Purchase a printed book for the cost of printing
  • Volunteer to help this project!

Status

We are currently seeking volunteers to help develop the stub/empty articles in the ASDR Table of Contents and bring them up to a production level of quality. Join us now to take part in this historic effort.
If you are interested in helping, check the ASDR Table of Contents and the OWASP_ASDR_Workplan, then drop a line to Leonardo Cavallari at leonardocavallari@gmail.com. All help will be appreciated!

What's In It?

The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.

ASDR Table of Contents

  • Section 1:
  • Section 2:
  • Section 3:
  • Section 4:
  • Section 5:
  • Section 6:
  • Section 7:

Note that any application security risk has a threat agent (attacker) who is using an attack to target a vulnerability (typically a missing or broken control). If successful, this attack will have both a technical impact and a business impact. There may be one or more associated principles as well. Please refer to the OWASP Risk Rating Methodology for more information about how this works.

What's It For?

The ASDR is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.

Why This Approach?

Application security information cannot be organized into a one-dimensional taxonomy that is useful for all purposes, although many have tried. For example, organizing application security by vulnerability helps tool vendors, but makes it very difficult for architects to select controls. We've adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these categories to help get different views into the complex, interconnected set of topics that is application security.

How Is It Maintained?

The ASDR is the result of work that started in 2000, across projects like VulnXML, WAS-XML, Top Ten, WebScarab, WebGoat, Testing Project, Guide, and others. Although there is already a wealth of information here, we are just starting on this project. We need volunteers to help us complete articles, categorize articles appropriately, eliminate duplication, and more.

Related Projects

The Common Weakness Enumeration (CWE) project at Mitre is a formal list of software weaknesses created to serve as a common language for describing software security weaknesses in architecture, design, or code; serve as a standard measuring stick for software security tools targeting these weaknesses; and provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

The Software Assurance Metrics and Tool Evaluation (SAMATE) project from NIST "supports the Department of Homeland Security's Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods."

Feedback and Participation:

We hope you find the OWASP ASDR Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org or to leocavallari@owasp.org. To join the OWASP ASDR Project mailing list or view the archives, please visit the subscription page.

Articles

Listed on the pages below are all the articles that are a part of the Honeycomb project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.

Subcategories

This category has the following 14 subcategories, out of 14 total.


Pages in category "OWASP ASDR Project"

The following 200 pages are in this category, out of 326 total.
