Category:OWASP Honeycomb Project

Revision as of 19:35, 26 July 2006 by OWASP (Talk | contribs)


In the Honeycomb project, OWASP is assembling the most comprehensive and integrated guide ever attempted to the fundamental building blocks of application security (principles, threats, attacks, vulnerabilities, and countermeasures) through collaborative community efforts. You can view the OWASP Honeycomb Project Roadmap to find out what is being worked on and how you can help.


What are we trying to accomplish?

Our basic assumption is that we will never be able to make progress in application security without some basic building blocks. We've identified principles, threats, vulnerabilities, attacks, and countermeasures as fundamental to most application security activities. So we've set out to capture all the common names used in these areas, gather as much information as we can about each, and interlink them in a meaningful way.

The difficulties in organizing this information

Most efforts to organize application security information attempt to force the information into a one-dimensional taxonomy of one sort or another. These efforts (including the OWASP Top Ten) have failed to make the information adequately useful.

The approach we’ve taken

We've decided to apply the 'folksonomy' approach popularized recently to organize information with many complex relationships. So each of the major types of building blocks has its own 'tag' (called a 'category' in MediaWiki). This organizes the basic types of articles. Then within each article, we have references to other related articles, so that it is possible to explore the information set.

Why the name Honeycomb?

We are trying to use a distributed, self-organizing approach to create something beyond any of the individuals involved. We admire many of the characteristics of the honeycomb and hope that we can produce something useful.

How to use the information?

We're not sure of all the ways that this information might be used. But we're sure that knowing how all the pieces fit together will help.

  • Architects may want to use this information when threat modeling their applications. You'll want to identify combinations of threats, attacks, and vulnerabilities that apply to your system. Then you should select appropriate countermeasures and use the principles to help guide design decisions.
  • Developers may want to use this information to learn about different vulnerabilities and to select coding guidelines for their project.
  • Security researchers may want to use this framework to organize their thinking about security and help to ensure completeness.

How to add an article to the Honeycomb Project?

Volunteers Needed

Our current tactical goals are:

  • Fill in the contents of the stub honeycomb articles (those marked with {{Template:Stub}})
  • Refine the contents and structure of the honeycomb articles
  • Eliminate redundancy in the articles and categories

The following tasks are ready for volunteers:

  • Merge "Buffer overflow", "Buffer Overflow" and related redundant articles
  • Merge "Cross Site Scripting" and "Cross-site_scripting"
  • Merge "SQL Injection" and "SQL injection"

To find out more about how you can help, please go to the OWASP Honeycomb Project Roadmap.


This category has the following 9 subcategories, out of 9 total.




Pages in category "OWASP Honeycomb Project"

This category contains only the following page.