Difference between revisions of "Category:OWASP ASDR Project"

(What's In It?)
(16 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{OWASP Book|2538516}}
 +
{{:Project Information:template ASDR Project}}
 +
[[Category:OWASP Project|ASDR Project]]
 +
[[Category:OWASP Document]]
 +
[[Category:OWASP Alpha Quality Document]]
 +
 
=The OWASP Application Security Desk Reference=
 
=The OWASP Application Security Desk Reference=
  
Welcome to the OWASP Application Security Desk Reference Project. All of the materials here are free and open source. This wiki contains the source material for OWASP's [http://stores.lulu.com/owasp Application Security Desk Reference].
+
Welcome to the OWASP Application Security Desk Reference Project! This project is the comprehensive reference for all OWASP projects and application security in general. All of the materials here are free and open source.  
  
You can:
+
By now you can:
  
 
* Use the latest materials on the [[ASDR Table of Contents|wiki]]
 
* Use the latest materials on the [[ASDR Table of Contents|wiki]]
* [http://stores.lulu.com/owasp Download] a free 965 page PDF
+
* [http://www.lulu.com/items/volume_63/2538000/2538516/2/print/ASDR-draftv0.9.pdf Download] a free 600 page PDF
* [http://stores.lulu.com/owasp Purchase] a printed book for the cost of printing
+
* [http://www.lulu.com/content/2538516 Purchase] a printed book for the cost of printing
 +
* Volunteer to help this project!
  
 
== Status ==
 
== Status ==
  
; OWASP ASDR Version 1.0 Release August 1, 2008
+
: We are currently seeking volunteers who will help developing stub/empty articles listed bellow and bring it up to a production level of quality. Join us now to take part in this historic effort, just drop a line to [mailto:leo.cavallari@owasp.org Leonardo Cavallari]!
: OWASP will release ASDR 1.0 on August 1, 2008. We are currently seeking volunteers who will take responsibility for a part of the [[ASDR Table of Contents]] and bring it up to a production level of quality. Join us now to take part in this historic effort.
+
 
+
:If you are interested to help this out, drop a line to Leonardo Cavallari (leonardocavallari@gmail.com) with the articles from [[ASDR Table of Contents]] you want to develop/review. Every help will be appreciated!!
+
  
 
== What's In It? ==
 
== What's In It? ==
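Review bot: The added Status text gives two different contact addresses for the same person: the mailto link in the first added line uses leo.cavallari@owasp.org, while the later added line spells out leonardocavallari@gmail.com. Use one address in both places (the Feedback section of this revision uses the owasp.org one) so volunteers are not left guessing which mailbox is monitored. In the same added line, "listed bellow" should read "listed below", and "bring it up" should be "bring them up" to agree with "articles".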
Line 20: Line 24:
 
The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.
 
The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.
  
'''[[ASDR Table of Contents]]'''
+
'''ASDR Table of Contents'''
* Section 1: [[ASDR TOC Principles]]
+
* Section 1: [[:Category:Principle]]
* Section 2: [[ASDR TOC Threat Agents]]
+
* Section 2: [[:Category:Threat Agent]]
* Section 3: [[ASDR TOC Attacks]]
+
* Section 3: [[:Category:Attack]]
* Section 4: [[ASDR TOC Vulnerabilities]]
+
* Section 4: [[:Category:Vulnerability]]
* Section 5: [[ASDR TOC Control]]
+
* Section 5: [[:Category:Control]]
* Section 6: [[ASDR TOC Technical Impacts]]
+
* Section 6: [[:Category:Technical Impact]]
* Section 7: [[ASDR TOC Business Impacts]]
+
* Section 7: [[:Category:Business Impact]]
  
Note that any application security risk has a threat agent (attacker) who is using an attack to target a vulnerability (typically a missing or broken countermeasure). If successful, this attack will have both a technical impact and a business impact.  There may be one or more associated principles as well. Please refer to the [[OWASP Risk Rating Methodology]] for more information about how this works.
+
Note that any application security risk has a threat agent (attacker) who is using an '''attack''' to target a '''vulnerability''' (typically a missing or broken '''control'''). If successful, this attack will have both a '''technical impact''' and a '''business impact'''.  There may be one or more associated '''principles''' as well. Please refer to the [[OWASP Risk Rating Methodology]] for more information about how this works.
  
 
== What's It For? ==
 
== What's It For? ==
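Review bot: In the rewritten risk paragraph, "threat agent" is the only category term left unbolded, while attack, vulnerability, control, technical impact, business impact and principles are all bolded. Bold '''threat agent''' as well so every name from the seven-section list is marked the same way. The same hunk also changes '''[[ASDR Table of Contents]]''' to plain bold text, which removes this section's link to the full table of contents; consider keeping the link.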
Line 51: Line 55:
 
== Feedback and Participation: ==
 
== Feedback and Participation: ==
  
We hope you find the OWASP Honeycomb Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org.  To join the OWASP Honeycomb Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-honeycomb subscription page.]
+
We hope you find the OWASP ASDR Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org or to leo.cavallari@owasp.org.  To join the OWASP ASDR Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-asdr-project subscription page.]
  
 
== Articles ==
 
== Articles ==
  
Listed on the pages below are '''all''' the articles that are a part of the Honeycomb project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. '''Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.'''
+
Listed on the pages below are '''all''' the articles that are a part of the ASDR project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. '''Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.'''
  
 
== ==
 
== ==
  
[[Category:OWASP Project]]
+
[[Category:OWASP Project|ASDR Project]]
  
 
__NOTOC__
 
__NOTOC__

Revision as of 06:25, 19 June 2009

This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

PROJECT IDENTIFICATION

Project Name: OWASP Application Security Desk Reference (ASDR) Project

Short Project Description: This project is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.

Project key Information

  • Project Leader: Leonardo Cavallari Militelli
  • Project Contributors: (if any)
  • Mailing List: Subscribe here
  • License: Creative Commons Attribution Share Alike 3.0
  • Project Type: Documentation
  • Sponsors: OWASP SoC 08; iBLISS Segurança&Inteligência

Release Status: Alpha Quality. Please see here for complete information.

Main Links: OWASP ASDR Workplan; Old Honeycomb Roadmap

Related Projects: OWASP Honeycomb Project; Common Weakness Enumeration (CWE); Software Assurance Metrics and Tool Evaluation (SAMATE)


The OWASP Application Security Desk Reference

Welcome to the OWASP Application Security Desk Reference Project! This project is the comprehensive reference for all OWASP projects and application security in general. All of the materials here are free and open source.

By now you can:

  • Use the latest materials on the wiki
  • Download a free 600 page PDF
  • Purchase a printed book for the cost of printing
  • Volunteer to help this project!

Status

We are currently seeking volunteers to help develop the stub/empty articles listed below and bring them up to a production level of quality. Join us now to take part in this historic effort: just drop a line to Leonardo Cavallari!

What's In It?

The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.

ASDR Table of Contents

Note that any application security risk has a threat agent (attacker) who is using an attack to target a vulnerability (typically a missing or broken control). If successful, this attack will have both a technical impact and a business impact. There may be one or more associated principles as well. Please refer to the OWASP Risk Rating Methodology for more information about how this works.

What's It For?

The ASDR is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.

Why This Approach?

Application security information cannot be organized into a one-dimensional taxonomy that is useful for all purposes, although many have tried. For example, organizing application security by vulnerability helps tool vendors, but makes it very difficult for architects to select controls. We've adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these categories to help get different views into the complex, interconnected set of topics that is application security.

How Is It Maintained?

The ASDR is the result of work that started in 2000, across projects like VulnXML, WAS-XML, Top Ten, WebScarab, WebGoat, Testing Project, Guide, and others. Although there is already a wealth of information here, we are just starting on this project. We need volunteers to help us complete articles, categorize articles appropriately, eliminate duplication, and more.

Related Projects

The Common Weakness Enumeration (CWE) project at Mitre is a formal list of software weaknesses created to serve as a common language for describing software security weaknesses in architecture, design, or code; serve as a standard measuring stick for software security tools targeting these weaknesses; and provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

The Software Assurance Metrics and Tool Evaluation (SAMATE) project from NIST "supports the Department of Homeland Security's Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods."

Feedback and Participation:

We hope you find the OWASP ASDR Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to owasp@owasp.org or to leo.cavallari@owasp.org. To join the OWASP ASDR Project mailing list or view the archives, please visit the subscription page.

Articles

Listed on the pages below are all the articles that are a part of the ASDR project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.

Subcategories

This category has the following 14 subcategories, out of 14 total.


Pages in category "OWASP ASDR Project"

The following 200 pages are in this category, out of 326 total.
