Category:OWASP ASDR Project
The OWASP Application Security Desk Reference
Welcome to the OWASP Application Security Desk Reference Project. All of the materials here are free and open source. This wiki contains the source material for OWASP's Application Security Desk Reference.
- Use the latest materials on the wiki
- Download a free 650 page PDF
- Purchase a printed book for the cost of printing
- OWASP ASDR Version 1.0 Release April 1, 2008
- OWASP will release ASDR 1.0 on April 1, 2008. We are currently seeking volunteers who will take responsibility for a part of the ASDR Table of Contents and bring it up to a production level of quality. Join us now to take part in this historic effort.
What's In It?
The ASDR is a reference volume that contains basic information about all the foundational topics in application security. The top level categories in the ASDR are listed below. These are implemented as "categories" in the wiki, so that it is easy to group and link related topics.
Note that any application security risk has a threat agent (attacker) who is using an attack to target a vulnerability (typically a missing or broken countermeasure). If successful, this attack will have both a technical impact and a business impact. There may be one or more associated principles as well. Please refer to the OWASP Risk Rating Methodology for more information about how this works.
What's It For?
The ASDR is helpful as basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. We intend to encourage understanding and consistency when discussing these basic foundational elements of application security. Security only works if people can make informed decisions about risk. The ASDR provides that basic information to help ensure all stakeholders are involved.
Why This Approach?
Application security information cannot be organized into a one-dimensional taxonomy that is useful for all purposes, although many have tried. For example, organizing application security by vulnerability helps tool vendors, but makes it very difficult for architects to select controls. We've adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these categories to help get different views into the complex, interconnected set of topics that is application security.
How Is It Maintained?
The ASDR is the result of work that started in 2000, across projects like VulnXML, WAS-XML, Top Ten, WebScarab, WebGoat, Testing Project, Guide, and others. Although there is already a wealth of information here, we are just starting on this project. We need volunteers to help us complete articles, categorize articles appropriately, eliminate duplication, and more.
The Common Weakness Enumeration (CWE) project at Mitre is a formal list of software weaknesses created to serve as a common language for describing software security weaknesses in architecture, design, or code; serve as a standard measuring stick for software security tools targeting these weaknesses; and provide a common baseline standard for weakness identification, mitigation, and prevention efforts.
The Software Assurance Metrics and Tool Evaluation (SAMATE) project from NIST "supports the Department of Homeland Security's Software Assurance Tools and R&D Requirements Identification Program. The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods."
Feedback and Participation:
We hope you find the OWASP Honeycomb Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to firstname.lastname@example.org. To join the OWASP Honeycomb Project mailing list or view the archives, please visit the subscription page.
Listed on the pages below are all the articles that are a part of the Honeycomb project. It is interesting to browse, but it is just an unstructured alphabetical list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for. Note: the portal only lists categories that start with the letters of the first 200 articles. To view other categories, select the "next 200" button.
This category has the following 14 subcategories, out of 14 total.
Pages in category "OWASP ASDR Project"
The following 200 pages are in this category, out of 330 total.(previous 200) (next 200)