Difference between revisions of "Category:OWASP Project"

From OWASP
Jump to: navigation, search
(48 intermediate revisions by 5 users not shown)
Line 1: Line 1:
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:  
+
__NOTOC__
 +
{|
 +
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:NEW-PROJECTS-BANNER.jpg|950px| link=https://www.owasp.org/index.php/Category:OWASP_Project]]
 +
| align="center" |
 +
 
 +
|}
 +
 
 +
= Welcome  =
 +
{| style="width: 100%;"
 +
|-
 +
| style="width: 100%; color: rgb(0, 0, 0);" |
 +
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 +
|-
 +
| style="width: 95%; color: rgb(0, 0, 0);" |
 +
<font size=2pt>
 +
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 120 active projects, and new project applications are submitted every week.  This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community.
 +
 
 +
 
 +
All OWASP tools, document, and code library projects are organized into the following categories:  
  
 
*'''PROTECT''' - These are tools and documents that can be used to guard against security-related design and implementation flaws.  
 
*'''PROTECT''' - These are tools and documents that can be used to guard against security-related design and implementation flaws.  
 
*'''DETECT''' - These are tools and documents that can be used to find security-related design and implementation flaws.  
 
*'''DETECT''' - These are tools and documents that can be used to find security-related design and implementation flaws.  
 
*'''LIFE CYCLE''' - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 
*'''LIFE CYCLE''' - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
 +
  
If you would like to start a new project please review the '''[[How to Start an OWASP Project]]''' guide. Please contact the [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Project Committee] members to discuss project ideas and how they might fit into OWASP. All OWASP projects must be free and open and have their homepage on the OWASP portal. You can read all the guidelines in the [[:Category:OWASP Project Assessment|Project Assessment Criteria]].  
+
Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.  
  
Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.  
+
A summary of recent project announcements is available on the [[OWASP Updates]] page.
  
A list of '''Projects''' that have been identified as '''orphaned''' ones has been set up. Please [[:Category:OWASP Orphaned Projects|glance at it]] and see you find interest in leading any of them. <br><br>
+
'''[https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf OWASP Projects Handbook 2013]'''
  
<paypal>OWASP Projects</paypal>
+
=== OWASP Project Inventory ===
  
=Stable Quality Projects=
+
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Incubator_Projects Incubator Projects:]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
  
*Stable quality projects are generally the level of quality of professional tools or documents.  
+
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Labs_Projects Lab Projects:]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.  
*Projects are listed below.
+
  
{| width="100%"
+
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Flagship_Projects Flagship Projects:]''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole.
|-
+
! width="50%" | Tools
+
! Documentation
+
|- valign="top"
+
|
+
'''PROTECT:<br><br>'''  
+
  
;[[:Category:OWASP AntiSamy Project|OWASP AntiSamy Java Project]]
+
<br> '''Who Should Start an OWASP Project:'''
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP AntiSamy Project .NET|OWASP AntiSamy .NET Project]]
+
*Application Developers.  
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. (Assessment Criteria v1.0)
+
*Software Architects.  
 +
* Information Security Authors. 
 +
*Those who would like the support of a world wide professional community to develop or test an idea.
 +
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.
 +
<br>
  
;[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]]
+
'''Contact Us'''
:a free and open collection of all the security methods that a developer needs to build a secure web application. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]]
+
If you have any questions, please do not hesitate to contact the [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGR5QXFWYThiOHZNSldCdkFIMW9kNXc6MQ  OWASP Project Manager, Samantha Groves].  
:a project to document and develop the ModSecurity Core Rule Set (Assessment Criteria v2.0)
+
  
<br> '''DETECT:<br><br>'''
+
</font>
  
;[[:JBroFuzz|OWASP JBroFuzz Project]]
+
<!-- Mediawiki needs all these spaces -->
:a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Live CD Project|OWASP Live CD Project]]
+
<br>
:this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP WebScarab Project|OWASP WebScarab Project]]
+
|}
:a tool for performing all types of security testing on web applications and web services (Assessment Criteria v1.0)
+
  
;[[:OWASP Zed Attack Proxy Project|OWASP Zed Attack Proxy Project]]
+
<!-- Twitter Box -->
:The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. (Assessment Criteria v2.0)
+
  
<br> '''LIFE CYCLE:<br><br>'''
+
| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" |  <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
 +
<!-- There be dragons here -->
 +
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:POM SAMM.jpg|center|300px| link=https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model]]
  
;[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
 
:an online training environment for hands-on learning about application security (Assessment Criteria v1.0)
 
  
<br>
 
  
|
 
'''PROTECT:<br><br>'''
 
  
;[[:Category:OWASP Guide Project|OWASP Development Guide]]
+
[[Image:AppSec USA.jpg|center|300px| link=http://www.appsecusa.org/]]
:a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP .NET Project|OWASP .NET Project]]
 
:the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide V2]]
 
:this Project is the one and only source of information about Rails security topics. (Assessment Criteria v1.0)
 
  
;[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
 
:this document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. (Assessment Criteria v2.0)
 
  
<br> '''DETECT:<br><br>'''
 
  
;[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard Project]]
+
[[Image:Projects_Banner_3.jpg|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]
:The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying) applications using both security testing and code review techniques. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Code Review Project|OWASP Code Review Guide]]
 
:a project to capture best practices for reviewing code. (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Testing Project|OWASP Testing Guide]]
 
:a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]
 
:an awareness document that describes the top ten web application security vulnerabilities (Assessment Criteria v1.0)
 
  
<br> '''LIFE CYCLE:<br><br>'''
 
  
;[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]
+
[[Image:Projects_Front_Page_Donation.jpg|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
:FAQ covering many application security topics (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Legal Project|OWASP Legal Project]]
+
{|
:a project focused on providing contract language for acquiring secure software (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review for OWASP-Projects]]
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
:a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). (Assessment Criteria v1.0)
+
|}
 
+
<br>
+
  
 +
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
|}
 
|}
 +
<!-- End Banner -->
  
=Beta Status Projects=
 
  
*Beta quality projects are complete and ready to use with documentation.  
+
= Starting a New Project  =
*Projects are listed below.
+
<font size=2pt>
 +
== So you want to start a project... ==
  
{| width="100%"
+
Starting an OWASP Project is easy.  You don't have to be an application security expert.  You just have to have the drive and desire to make a contribution to the application security community.
|-
+
! width="50%" | Tools
+
! Documentation
+
|- valign="top"
+
|
+
'''PROTECT:<br><br>'''  
+
  
;[[:Category:OWASP CSRFGuard Project|OWASP CSRFGuard Project]]
+
Here are some of the guidelines for running a successful OWASP project:
:a J2EE filter that implements a unique request token to mitigate CSRF attacks (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Encoding Project|OWASP Encoding Project]]
+
* The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
:a project focused on the development of encoding best practices for web applications. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP OpenSign Server Project|OWASP OpenSign Server Project]]
+
* You ''can'' run a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
:the purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp]]
+
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
:focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP. (Assessment Criteria v1.0)
+
  
;[[OWASP - OctoMS PHP Framework|Octoms]]
+
* Available Grants to consider if you need funding - [https://www.owasp.org/index.php/Grants Click Here]
:a lightweight PHP Framework built for fast debugging, social coding and rapid application development with security in mind
+
  
 +
* You should promote your project through the OWASP channels as well as by outside means.  Get people to blog about it!
  
<br> '''DETECT:<br><br>'''
 
  
;[[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester Project]]
+
== Creating a new project ==
:this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Code Crawler|OWASP Code Crawler]]
+
[http://sl.owasp.org/new-project Here's the simple process for starting a new OWASP Project].
:this tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. (Assessment Criteria v1.0)
+
* Check out the '''[[Guidelines for OWASP Projects]]'''.
  
;[[:Category:OWASP DirBuster Project|OWASP DirBuster Project]]
+
<br>
:DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. (Assessment Criteria v1.0)
+
* Get the following information together:
  
;[[:Category:OWASP Orizon Project|OWASP Orizon Project]]
+
A - PROJECT
:the goal of this project is to develop an extensible code review engine to be used from source code assessment tools. (Assessment Criteria v1.0)
+
# Project Name,
 +
# Project purpose / overview,
 +
# Project Roadmap,
 +
# Project links (if any) to external sites,
 +
# [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing Project License],
 +
# Project Leader name,
 +
# Project Leader email address,
 +
# Project Leader wiki account - the username (you'll need this to edit the wiki),
 +
# Project Contributor(s) (if any) - name email and wiki account (if any),
 +
# Project Main Links (if any).
 +
<br>
  
;[[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]
+
==OWASP Recommended Licenses==
:a project focused on combining automated capabilities with complete manual testing to get the best results (Assessment Criteria v1.0)
+
  
;[[ORG (Owasp Report Generator)|OWASP Report Generator]]
+
{{Recommended_Licenses}}
:a project giving security professionals a way to report and keep track of their projects (Assessment Criteria v1.0)
+
  
;[[Owasp SiteGenerator|OWASP Site Generator]]
 
:a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Skavenger Project|OWASP Skavenger Project]]
+
==Funding your Project==
:is a web application security assessment tool kit that passively analyses traffic logged by various MITM proxies as well as other sources and helps to identify various kinds of possible vulnerabilities. (Assessment Criteria v1.0)
+
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit an application to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organisations, but project leaders are required to seek funding through their own initiative.  
  
;[[:Category:OWASP SQLiX Project|OWASP SQLiX Project]]
+
== Project Release ==
:a project focused on the development of SQLiX, a full perl-based SQL scanner (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Sqlibench Project|OWASP Sqlibench Project]]  
+
*As your project reaches a point that you'd like OWASP to assist in its promotion, the [[Global Projects Committee|OWASP Global Projects Committee]] will need the following to help spread the word about your project:
:this is a benchmarking project of automatic sql injectors related to dumping databases. (Assessment Criteria v1.0)
+
  
;[[OWASP Tiger|OWASP Tiger]]
+
# [http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/ Conference style presentation that describes the tool/document in at least 3 slides],
:OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. (Assessment Criteria v1.0)
+
# [http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/ Project Flyer/Pamphlet (PDF file)],
 +
<br>
 +
* If possible, get also the following information together:
  
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
+
B – FIRST RELEASE
:OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)
+
# Release Name,
 +
# Release Description,
 +
# Release Downloadable file link
 +
# Release Leader,
 +
# Release Contributor(s),
 +
# Release Reviewer,
 +
# Release Sponsor(s) (if any),
 +
# Release Notes
 +
# Release Main Links (if any),
  
;[[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]]
 
:a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer (Assessment Criteria v1.0)
 
  
<br> '''LIFE CYCLE:<br><br>'''
+
==Project Process Forms==
 +
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.
  
;[[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench Project]]  
+
* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
:this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. (Assessment Criteria v1.0)
+
  
|
+
* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.
'''PROTECT:<br><br>'''
+
  
;[[:Category:OWASP AppSensor Project|OWASP AppSensor Project]]
+
* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
:a framework for detecting and responding to attacks from within the application. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Backend Security Project|OWASP Backend Security Project]]
+
* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.  
:this is a new project created to improve and to collect the existant information about the backend security. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Securing WebGoat using ModSecurity Project|OWASP Securing WebGoat using ModSecurity Project]]
+
* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.
:the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. (Assessment Criteria v1.0)
+
  
<br> '''DETECT:<br><br>'''
+
* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.
  
;[[:Category:OWASP Tools Project|OWASP Tools Project]]
 
:The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.
 
  
<br> '''LIFE CYCLE:<br><br>'''
+
= Project Assessments  =
 +
<font size=2pt>
 +
==OWASP Project Lifecycle==
 +
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.
  
;[[:Category:OWASP CLASP Project|OWASP CLASP Project]]
 
:a project focused on defining process elements that reinforce application security (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Education Project|OWASP Education Project]]
+
'''The OWASP Project Lifecycle is broken down into the following stages:'''
:a project to build educational tracks and modules for different audiences. (Assessment Criteria v1.0)
+
  
;[[OWASP Spanish|OWASP Spanish Project]]
+
'''Incubator Projects:''' OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.
:first translation effort to make OWASP site and project completely available in Spanish language. (Assessment Criteria v1.0)
+
  
<br>
+
'''Labs Projects:''' OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.
  
|}
+
'''Flagship Projects:''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.
  
=Alpha Status Projects=
+
== OWASP Project Stage Benefits==
 +
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.
  
*Alpha quality projects are generally usable but may lack documentation or quality review.  
+
'''Incubator'''
*Projects are listed below.
+
* Financial Donation Management Assistance
 +
* Project Review Support
 +
* WASPY Awards Nominations
 +
* OWASP OSS and OPT Participation
 +
* Opportunity to submit proposal: $500 for Development.
 +
* Community Engagement and Support
 +
* Recognition and visibility of being associated with the OWASP Brand.
  
{| width="100%"
+
'''Labs'''
|-
+
* All benefits given to Incubator Projects
! width="50%" | Tools
+
* Technical Writing Support
! Documentation
+
* Graphic Design Support
|- valign="top"
+
* Project Promotion Support
|
+
* OWASP OSS and OPT: Preference
;[[OWASP Academy Portal Project|OWASP Academy Portal Project]]
+
: a Portal to offer academic material in usable blocks, lab's, video's and forum. (Assessment Criteria v2.0)
+
  
;[[:OWASP Alchemist Project|OWASP Alchemist Project]]
+
'''Flagship'''
:this project enables a software development team in realization of highly secure and defensible application with built-in defences/controls against security‐related design, coding and implementation flaws. (Assessment Criteria v2.0)
+
* All benefits given to Incubator & Labs Projects
 +
* Grant finding and proposal writing help
 +
* Yearly marketing plan development
 +
* OWASP OSS and OPT participation preference
  
;[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]
 
:The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed and what level of assessment is appropriate based on business requirement.  (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project]]
+
For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.  
:The idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. (Assessment Criteria v1.0)
+
  
;[[:OWASP ASIDE Project|OWASP ASIDE Project]]
 
:ASIDE is an abbreviation for Application Security in Integrated Development Environment. It is an EclipseTM Plugin which is a software tool primarily designed to help students write more secure code. (Assessment Criteria v2.0)
 
  
;[[:OWASP Broken Web Applications Project|OWASP Broken Web Applications Project]]
+
== OWASP Project Graduation==
:a collection of vulnerable web applications that is distributed on a Virtual Machine. (Assessment Criteria v2.0)
+
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
  
;[[:OWASP Browser Security ACID Tests Project|OWASP Browser Security ACID Tests Project]]
+
The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.
: (Assessment Criteria v2.0)
+
  
;[[Classic ASP Security Project|OWASP Classic ASP Security Project]]
+
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]
:it aims in creating a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Content Validation using Java Annotations Project|OWASP Content Validation using Java Annotations Project]]
 
:We wish to explore the use of Java annotations for object validation, specifically for content validation. the result will be a framework which should be easy to use with an existing application. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP CRM Project|OWASP CRM Project]]
+
==OWASP Project Health Assessment==
:provides a management system for membership, projects, industry and chapters and users of OWASP projects (Assessment Criteria v1.0)
+
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
  
;[[:Category:OWASP Cryttr - Encrypted Twitter Project|OWASP Cryttr - Encrypted Twitter Project]]
 
:a way to do some encrypted messaging to a group of distributed people with as little overhead as possible. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]]
+
==OWASP Project Deliverable/Release Assessment==
:gives developers the ability to test their applications for CSRF flaws (Assessment Criteria v1.0)
+
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.  
  
;[[:OWASP Data Exchange Format Project|OWASP Data Exchange Format Project]]
+
Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.  
:to define an open format for exchanging data between pentest tools (Assessment Criteria v2.0)
+
  
;[[OWASP ESOP Framework|OWASP ESOP Framework]]
+
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]
:the purpose of the framework is to provide a security layer to a given web application / web site via web service (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Encrypted Syndication Project|OWASP Encrypted Syndication Project]]
 
:complements the OWASP Cryttr - Encrypted Twitter Project and serves other few other front ends that can use Encrypted Syndication Protocol. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP EnDe|OWASP EnDe Project]]
+
= Project Inventory  =
:This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. (Assessment Criteria v1.0)
+
<font size=2pt>
  
;[[ESAPI Swingset|OWASP ESAPI Swingset Project]]
+
==Flagship Projects==
:the ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Favicon Database Project|OWASP Favicon Database Project]]
+
The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.  
:software enumeration via favicon.ico (Assessment Criteria v2.0)
+
  
;[[:OWASP Forward Exploit Tool Project|OWASP Forward Exploit Tool Project]]
 
:this projects aims to develop a tool to exploit Top 10 2010 - A10 - Unvalidated Forward vulnerability to bypass access control to protected Java application files (config, binary -source code, etc.). It aims also to automate the download of known files in Java Web applications. (Assessment Criteria v2.0)
 
  
;[[:Projects/OWASP GoatDroid Project|OWASP GoatDroid Project]]
+
'''Code'''
:this is the Android equivalent to the iGoat Project and will be a sub component of the Mobile Security Project and closely tied to the Mobile Top 10 Risks and forthcoming body of knowledge. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP AntiSamy Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]
 +
* [https://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_Project OWASP ModSecurity Core Rule Set Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project OWASP CSRFGuard Project]
  
;[[OWASP Hackademic Challenges Project|OWASP Hackademic Challenges Project]]
 
:this project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. (Assessment Criteria v2.0)
 
  
;[[OWASP Hatkit Datafiddler Project|OWASP Hatkit Datafiddler Project]]
+
'''Tools'''
:this is a tool for performing advanced analysis of http traffic. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php?title=OWASP_Web_Testing_Environment_Project OWASP Web Testing Environment Project]
 +
* [https://www.owasp.org/index.php/Webgoat OWASP WebGoat Project]
 +
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy]
  
;[[OWASP Hatkit Proxy Project|OWASP Hatkit Proxy Project]]
 
:the Hatkit Proxy is an intercepting http/tcp proxy based on the Owasp Proxy, but with several additions. (Assessment Criteria v2.0)
 
  
;[[:OWASP HTTP Post Tool|OWASP HTTP Post Tool]]  
+
'''Documentation'''
:a tool for the purpose of performing web application security assessment around the availability concerns (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide Project]
 +
* [https://www.owasp.org/index.php/OWASP_Codes_of_Conduct OWASP Codes of Conduct]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide Project]
 +
* [https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide OWASP Secure Coding Practices - Quick Reference Guide]
 +
* [https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Software Assurance Maturity Model (SAMM)]
 +
* [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten Project]
  
;[[OWASP iGoat Project|OWASP iGoat Project]]
 
:The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project in particular the developer edition of WebGoat (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]]
+
==Labs Projects==
:a web application that includes common web application vulnerabilities (Assessment Criteria v1.0)
+
  
;[[OWASP Java HTML Sanitizer|OWASP Java HTML Sanitizer]]
+
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
:this is a fast Java-based HTML Sanitizer which provides XSS protection (Assessment Criteria v2.0)
+
  
;[[:OWASP JavaScript Sandboxes|OWASP JavaScript Sandboxes]]
 
:the goal of this project is to produce a simplified version of Javascript by using regular expressions to remove dangerous functionality and then use Javascript itself to evaluate the results. (Assessment Criteria v2.0)
 
  
;[[:OWASP Java XML Templates Project|OWASP Java XML Templates Project]]  
+
'''Tools'''
:JXT is a fast and secure XHTML-compliant template language that runs on a model similar to JSP. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project OWASP Broken Web Applications Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project OWASP CSRFTester Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_EnDe OWASP EnDe Project]
 +
* [https://www.owasp.org/index.php/OWASP_Fiddler_Addons_for_Security_Testing_Project OWASP Fiddler Addons for Security Testing Project]
 +
* [https://www.owasp.org/index.php/OWASP_Forward_Exploit_Tool_Project OWASP Forward Exploit Tool Project]
 +
* [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project OWASP Hackademic Challenges Project]
 +
* [https://www.owasp.org/index.php/OWASP_Hatkit_Datafiddler_Project OWASP Hatkit Datafiddler Project]
 +
* [https://www.owasp.org/index.php/OWASP_Hatkit_Proxy_Project OWASP Hatkit Proxy Project]
 +
* [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP HTTP POST Tool]
 +
* [https://www.owasp.org/index.php/OWASP_Java_XML_Templates_Project OWASP Java XML Templates Project]
 +
* [https://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes OWASP JavaScript Sandboxes Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project OWASP Joomla Vulnerability Scanner Project]
 +
* [https://www.owasp.org/index.php/OWASP_LAPSE_Project OWASP LAPSE Project]
 +
* [https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework OWASP Mantra Security Framework]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Mutillidae OWASP Mutillidae Project]
 +
* [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
 +
* [https://www.owasp.org/index.php/Scrubbr OWASP Scrubbr]
 +
* [http://owasp.com/index.php/Category:OWASP_Security_Assurance_Testing_of_Virtual_Worlds_Project OWASP Security Assurance Testing of Virtual Worlds Project]
 +
* [https://www.owasp.org/index.php/Project_Information:template_Vicnum_Project OWASP Vicnum Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
 +
* [https://www.owasp.org/index.php/OWASP_Web_Browser_Testing_System_Project OWASP Web Browser Testing System Project]
 +
* [https://www.owasp.org/index.php/Webscarab OWASP WebScarab Project]
 +
* [https://www.owasp.org/index.php/Project_Information:template_Webslayer_Project OWASP Webslayer Project]
 +
* [https://www.owasp.org/index.php/Project_Information:template_WSFuzzer_Project OWASP WSFuzzer Project]
 +
* [https://www.owasp.org/index.php/Project_Information:template_Yasca_Project OWASP Yasca Project]
  
;[[:Category:OWASP Joomla Vulnerability Scanner Project|OWASP Joomla Vulnerability Scanner Project]]
 
:a regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution,XSS, DOS,directory traversal vulnerabilities of a target Joomla! web site
 
  
;[[:Category:OWASP JSP Testing Tool Project|OWASP JSP Testing Tool Project]]  
+
'''Documentation'''
:the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. (Assessment Criteria v1.0)
+
* [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series OWASP AppSec Tutorial Series]
 +
* [https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Cloud_‐_10_Project OWASP Cloud ‐ 10 Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CTF_Project OWASP CTF Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database OWASP Fuzzing Code Database]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Legal_Project OWASP Legal Project]
 +
* [https://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast Project]
 +
* [https://www.owasp.org/index.php/Virtual_Patching_Best_Practices Virtual Patching Best Practices]
  
;[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]]
 
:an Eclipse-based source-code static analysis tool for Java (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Learn About Encoding Project|OWASP Learn About Encoding Project]]
+
<div id="sammysam"></div>
:this project has as its ultimate goal of demystifying the problems related to the study of character encoding (charset encoding). (Assessment Criteria v1.0)
+
==Incubator Projects==
  
;[[OWASP Mantra - Security Framework|OWASP Mantra - Security Framework]]
+
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
: this is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.  
+
  
;[[:Category:OWASP Mutillidae|OWASP Mutillidae Project]]
 
:a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10
 
  
;[[:OWASP NAXSI Project|OWASP NAXSI Project]]
+
'''Code'''
:its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project OWASP Secure the Flag Project]
 +
* [https://www.owasp.org/index.php/Opa OWASP OPA]
 +
* [https://www.owasp.org/index.php/OWASP_Alchemist_Project OWASP Alchemist Project]
 +
* [https://www.owasp.org/index.php/OWASP_ESOP_Framework OWASP ESOP Framework]
 +
* [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Java Encoder Project]
 +
* [https://www.owasp.org/index.php/OWASP_Passfault OWASP Passfault]
 +
* [https://www.owasp.org/index.php/OWASP_OctoMS OWASP OctoMS]
 +
* [https://www.owasp.org/index.php/OWASP_Java_Uncertain_Form_Submit_Prevention OWASP Java Uncertain Form Submit Prevention]
 +
* [https://www.owasp.org/index.php/OWASP_Ecuador OWASP Ecuador]
 +
* [https://www.owasp.org/index.php/OWASP_AW00T OWASP AW00t]
 +
* [https://www.owasp.org/index.php/OWASP_ONYX OWASP ONYX]
 +
* [https://www.owasp.org/index.php/OWASP_JSON_Sanitizer OWASP JSON Sanitizer]
 +
* [https://www.owasp.org/index.php/OWASP_Security_Research_and_Development_Framework OWASP Security Research and Development Framework]
 +
* [https://www.owasp.org/index.php/OWASP_1-Liner OWASP 1-Liner]
 +
* [https://www.owasp.org/index.php/OWASP_Focus OWASP Focus]
  
;[[:Category:OWASP NetBouncer Project|OWASP NetBouncer Project]]
 
:is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. (Assessment Criteria v1.0)
 
  
;[[Opa |Opa]]
+
'''Tools'''
:Usher in a new generation of web development tools and methodologies. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/OWASP_WhatTheFuzz_Project#tab=Project_About OWASP WhatTheFuzz Project]
 +
* [https://www.owasp.org/index.php/OWASP_Security_Tools_for_Developers_Project OWASP Security Tools for Developers Project]
 +
* [https://www.owasp.org/index.php/OWASP_SIMBA_Project OWASP SIMBA Project]
 +
* [https://www.owasp.org/index.php/OWASP_VFW_Project OWASP VFW Project]
 +
* [https://www.owasp.org/index.php/OWASP_OVAL_Content_Project OWASP OVAL Content Project]
 +
* [https://www.owasp.org/index.php/OWASP_WAF_Project OWASP WAF Project]
 +
* [https://www.owasp.org/index.php/OWASP_NAXSI_Project OWASP NAXSI Project]
 +
* [https://www.owasp.org/index.php/OWASP_Passw3rd_Project OWASP Passw3rd Project]
 +
* [https://www.owasp.org/index.php/OWASP_File_Hash_Repository OWASP File Hash Repository]
 +
* [https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET OWASP WebGoat.NET]
 +
* [https://www.owasp.org/index.php/OWASP_AJAX_Crawling_Tool OWASP AJAX Crawling Tool]
 +
* [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF]
 +
* [https://www.owasp.org/index.php/OWASP_Path_Traverser OWASP Path Traverser]
 +
* [https://www.owasp.org/index.php/OWASP_OWASP_Watiqay OWASP Watiqay]
 +
* [https://www.owasp.org/index.php/Projects/OWASP_Security_Shepherd/Roadmap OWASP Security Shepherd]
 +
* [https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework OWASP Xenotix XSS Exploit Framework]
 +
* [https://www.owasp.org/index.php/OWASP_Mantra_OS OWASP Mantra OS]
 +
* [https://www.owasp.org/index.php/OWASP_XSSER OWASP XSSER]
 +
* [https://www.owasp.org/index.php/OWASP_Academy_Portal_Project OWASP Academy Portal Project]
 +
* [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE Project]
 +
* [https://www.owasp.org/index.php/OWASP_Browser_Security_ACID_Tests_Project OWASP Browser Security ACID Test Project]
 +
* [https://www.owasp.org/index.php/OWASP_iGoat_Project OWASP iGoat Project]
 +
* [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer OWASP Java HTML Sanitizer Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Proxy OWASP Proxy Project]
 +
* [https://www.owasp.org/index.php/OWASP_SamuraiWTF_Project OWASP SamuraiWTF]
 +
* [https://www.owasp.org/index.php/O-Saft O-Saft]
 +
* [https://www.owasp.org/index.php/OWASP_Crowdtesting OWASP Crowdtesting]
 +
* [https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project OWASP OpenStack Security Project]
 +
* [https://www.owasp.org/index.php/OWASP_Desktop_Goat_and_Top_5_Project OWASP Desktop Goat and Top 5 Project]
 +
* [https://www.owasp.org/index.php/OWASP_Bricks OWASP Bricks]
  
;[[:Category:OWASP Open Review Project|OWASP Open Review Project (ORPRO)]]
 
:a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. (Assessment Criteria v2.0)
 
  
;[[OWASP OVAL Content Project|OWASP OVAL Content Project]]
+
'''Documentation'''
:The purpose of this project is to create OVAL content to enable any OVAL compatible tool find security issues which can be represented in a standard format (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/OWASP_Data_Exchange_Format_Project OWASP Data Exchange Format Project]
 +
* [https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheets Project]
 +
* [https://www.owasp.org/index.php/OWASP_Proactive_Controls OWASP Proactive Controls]
 +
* [https://www.owasp.org/index.php/OWASP_Java_J2EE_Secure_Development_Curriculum OWASP Java/J2EE Secure Development Curriculum]
 +
* [https://www.owasp.org/index.php/OWASP_Crossword_of_the_Month OWASP Crossword of the Month]
 +
* [https://www.owasp.org/index.php/OWASP_Secure_Password_Project OWASP Secure Password Project]
 +
* [https://www.owasp.org/index.php/OWASP_Security_Baseline_Project OWASP Security Baseline Project]
 +
* [https://www.owasp.org/index.php/OWASP_Software_Security_Assurance_Process OWASP Software Security Assurance Process]
 +
* [https://www.owasp.org/index.php/OWASP_Threat_Modelling_Project OWASP Threat Modeling Project]
 +
* [https://www.owasp.org/index.php/OWASP_Web_Application_Security_Accessibility_Project#tab=Project_About OWASP Web Application Security Accessibility Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Requirements_Project OWASP Application Security Requirements Project]
 +
* [https://www.owasp.org/index.php/OWASP_Common_Numbering_Project OWASP Common Numbering Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project OWASP Favicon Database Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Assessment_Standards_Project OWASP Application Security Assessment Standards Project]
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Program_for_Managers OWASP Application Security Program for Managers]
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Skills_Assessment OWASP Application Security Skills Assessment]
 +
* [https://www.owasp.org/index.php/OWASP_Browser_Security_Project OWASP Browser Security Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CBT_Project OWASP Computer Based Training Project (OWASP CBT Project)]
 +
* [https://www.owasp.org/index.php/OWASP_Enterprise_Application_Security_Project OWASP Enterprise Application Security Project]
 +
* [https://www.owasp.org/index.php/OWASP_Exams_Project OWASP Exams Project]
 +
* [https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project OWASP GoatDroid Project]
 +
* [https://www.owasp.org/index.php/OWASP_Myth_Breakers_Project OWASP Myth Breakers Project]
 +
* [http://owasp.com/index.php/OWASP_Project_Partnership_Model OWASP Project Partnership Model]
 +
* [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP Request For Proposal]
 +
* [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]
 +
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Awareness_Top_10_E-learning_Project OWASP Application Security Awareness Top 10 E-learning Project]
 +
* [https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities OWASP Periodic Table of Vulnerabilities]
 +
* [https://www.owasp.org/index.php/WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]
 +
* [https://www.owasp.org/index.php/ESAPI_Swingset OWASP ESAPI Swingset Project]
 +
* [https://www.owasp.org/index.php/OWASP_Press OWASP Press]
 +
* [https://www.owasp.org/index.php/OWASP_CISO_Survey OWASP CISO Survey]
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project OWASP Application Security Guide For CISOs]
 +
* [https://www.owasp.org/index.php/OWASP_Embedded_Application_Security OWASP Embedded Application Security]
  
;[[:OWASP O2 Platform|OWASP O2 Platform]]
 
:this project is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile (Assessment Criteria v2.0)
 
  
;[[:OWASP Passw3rd Project|OWASP Passw3rd Project]]
 
: this project stores passwords in encrypted files with an easy to use command line interface, and utilities to use the passwords in code (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP PHP AntiXSS Library Project|OWASP PHP AntiXSS Library Project]]
+
==Inactive Projects==
:reduce cross-site scripting vulnerabilities by encoding your output (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis Project]]
+
'''Archived Projects'''
:the aim of this project is to provide full language support,other Python frameworks support, analysis improvement, reporting capability, documentation, promotion materials: publication-ready article and presentation (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Proxy|OWASP Proxy Project]]
+
OWASP Archived Projects are inactive Labs projects. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest.
:aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. (Assessment Criteria v1.0)
+
  
;[[:OWASP Security Tools for Developers Project|OWASP Security Tools for Developers Project]]
+
* [https://www.owasp.org/index.php/Category:OWASP_Access_Control_Rules_Tester_Project OWASP Access Control Rules Tester Project]
:aims to develop a reference implementation of open source tools integrated in an end to end development process. This will likely include a reference architecture, guidance and a reference implementation using open source tools. (Assessment Criteria v2.0)
+
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Metrics_Project OWASP Application Security Metrics Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_AppSec_FAQ_Project OWASP AppSec FAQ Project]
 +
* [https://www.owasp.org/index.php/Asdr OWASP ASDR Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Backend_Security_Project OWASP Backend Security Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls OWASP Best Practices: Use of Web Application Firewalls]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CAL9000_Project OWASP CAL9000 Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_CLASP_Project OWASP CLASP Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Code_Crawler OWASP CodeCrawler Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Content_Validation_using_Java_Annotations_Project OWASP Content Validation using Java Annotations Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project OWASP DirBuster Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Encoding_Project OWASP Encoding Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Google_Hacking_Project OWASP Google Hacking Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project OWASP Insecure Web App Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Interceptor_Project OWASP Interceptor Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_JSP_Testing_Tool_Project OWASP JSP Testing Tool Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_LiveCD_Education_Project OWASP LiveCD Education Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Logging_Project OWASP Logging Guide]
 +
* [https://www.owasp.org/index.php/Category:OWASP_NetBouncer_Project OWASP NetBouncer Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_OpenSign_Server_Project OWASP OpenSign Server Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project OWASP Pantera Web Assessment Studio Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_PHP_Project OWASP PHP Project]
 +
* [https://www.owasp.org/index.php/ORG_%28OWASP_Report_Generator%29 OWASP Report Generator]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V2 OWASP Ruby on Rails Security Guide V2]
 +
* [https://www.owasp.org/index.php/Category:OWASP_SASAP_Project OWASP Scholastic Application Security Assessment Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks OWASP Security Spending Benchmarks Project]
 +
* [https://www.owasp.org/index.php/OWASP_SiteGenerator OWASP Site Generator Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Skavenger_Project OWASP Skavenger Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project OWASP Source Code Flaws Top 10 Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Sprajax_Project OWASP Sprajax Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP Sqlibench Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project OWASP sqliX Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Stinger_Project OWASP Stinger Project]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Teachable_Static_Analysis_Workbench_Project OWASP Teachable Static Analysis Workbench Project]
 +
* [https://www.owasp.org/index.php/OWASP_Tiger OWASP Tiger]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Tools_Project OWASP Tools Project]
 +
* [https://www.owasp.org/index.php/Projects/OWASP_Uniform_Reporting_Guidelines OWASP Uniform Reporting Guidelines]
 +
* [https://www.owasp.org/index.php/Category:OWASP_WeBekci_Project OWASP Webekci Project]
 +
* [https://www.owasp.org/index.php/JBroFuzz JBroFuzz]
 +
* [https://owasp.org/index.php/Category:OWASP_SWAAT_Project OWASP SWAAT Project]
 +
* [https://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manifesto OWASP Secure Web Application Framework Manifesto]
  
;[[:OWASP Secure the Flag Competition Project]]
 
:aims to create a different type of competition that encourages secure coding rather than hacking skills. (Assessment Criteria v2.0)
 
  
;[[OWASP SIMBA Project|OWASP SIMBA Project]]
+
= Marketing Materials  =
:SIMBA (Security Integration Module for Business Applications) is a User Access Management system that can be integrated with any business application. (Assessment Criteria v2.0)
+
<font size=2pt>
  
;[[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]
+
==Philosophy==
:an open source black box security scanner used to assess the security of AJAX-enabled applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Stinger Project|OWASP Stinger Project]]
+
OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.
:a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications (Assessment Criteria v1.0)
+
  
;[[:OWASP VFW Project|OWASP VFW Project]]
 
:this project is to mitigate web applications threats using Varnish which is a modern, very flexible and scalable reverse-proxy system which supports VCL, a wonderful domain-specific language to deal with HTTP (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Vicnum Project|OWASP Vicnum Project]]
+
==Brand Usage Rules==
:a flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' (Assessment Criteria v2.0)
+
  
;[[OWASP WAF Project|OWASP WAF Project]]
+
The following rules make reference to all OWASP marketing and graphic materials. This refers to any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.
:the OWASP Web Application Firewall (WAF) Project is a ModSecurity endorsed Port of their Language Specification (Level 1) for Java and .NET based on the contribution to ESAPI-Java by Arshan Dabirsiaghi (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Wapiti Project|OWASP Wapiti Project]]
+
# The OWASP Brand may be used to direct people to the OWASP website for information about application security.
:the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable (Assessment Criteria v1.0)
+
# The OWASP Brand may be used in commentary about the materials found on the OWASP website.
 +
# The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
 +
# The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
 +
# The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
 +
# The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
 +
# The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
 +
# The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
 +
# The OWASP Brand may be used by special arrangement with The OWASP Foundation.
  
;[[:Category:OWASP Web Application Security Metric using Attack Patterns Project|OWASP Web Application Security Metric using Attack Patterns Project]]
 
:the project provides attack pattern database along with prototype model (Assessment Criteria v1.0)
 
  
;[[:OWASP Web Browser Testing System Project|OWASP Web Browser Testing System Project]]
+
==Resources==
: (Assessment Criteria v2.0)
+
* '''[https://www.owasp.org/images/0/07/OWASP_Image_Toolbox.zip OWASP Logo Toolbox]:''' This includes all of OWASP's logo image files in various formats.
 +
* '''[https://www.owasp.org/images/2/2a/OWASP_BUSINESS_CARD_TEMPLATES.zip OWASP Business Card Templates]:''' This includes the front and back PSD files for the OWASP Business Card.
  
;[[:Category:OWASP Web 2.0 Project|OWASP Web 2.0 Project]]
 
:a place for advanced research of security in the Web 2.0 world (Assessment Criteria v1.0)
 
  
;[[OWASP Web Testing Environment Project|OWASP Web Testing Environment Project]]
+
'''Merchandise Requests'''
: (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
+
*Submit your application using the '''[https://spreadsheets.google.com/a/owasp.org/spreadsheet/viewform?formkey=dF85bGtvdWdrd2JjYldNZ1gxSkJxaEE6MQ OWASP Merchandise Request Form]'''.  
:this is web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Webslayer Project|OWASP Webslayer Project]]
 
:a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (Assessment Criteria v1.0)
 
  
;[[OWASP WebScarab NG Project|OWASP WebScarab NG Project]]
+
'''Ads/Flyers'''
:this is a robust tool that assists the user in penetration test. This is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly-  (Assessment Criteria v2.0)
+
  
;[[OWASP WhatTheFuzz Project|OWASP WhatTheFuzz Project]]
+
* '''[https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf OWASP Flyer]'''
:this is an easy to use, easy to get started fuzzer for websites (Assessment Criteria v2.0)
+
* '''[https://www.owasp.org/images/a/ac/OWASP-AD-V3-FINAL.pdf OWASP 2012 Standard Print Ad]'''
 +
* '''[https://www.owasp.org/images/2/2d/OWASP-AD-V3-FINAL-A4.pdf OWASP 2012 A4 Print Ready Ad]'''
 +
* '''[https://www.owasp.org/images/1/1f/OWASP-AD-V3-FINAL-A42.pdf OWASP 2012 A4-2 Print Ready Ad]'''
  
;[[:Category:OWASP Yasca Project|OWASP Yasca Project]]
 
:Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools. (Assessment Criteria v1.0)
 
  
|
+
'''Banners'''
;[[:Category:OWASP ASDR Project|OWASP ASDR Project]]
+
:is a reference volume that contains basic information about all the foundational topics in application security (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]]  
+
* '''[https://www.owasp.org/index.php/OWASP_Merchandise#Banners Banner Examples]'''
:identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security (Assessment Criteria v2.0)
+
* '''[http://dl.dropbox.com/u/38979962/owasp_gear_335x83_300dpi.pdf Cog wheel banner]'''
 +
* '''[http://dl.dropbox.com/u/38979962/OWASP_Banner_300dpi.pdf/OWASP_Banner_300dpi.pdf Honeycomb banner]'''
  
;[[:OWASP Application Security Program for Manager|OWASP Application Security Program for Manager]]
 
:create an OWASP Roadmap for the world wide Companies Type. (Assessment Criteria v2.0)
 
  
;[[:OWASP Application Security Skills Assessment|OWASP Application Security Skills Assessment]]
+
'''Presentations'''
:Help individuals understand their strengths and weaknesses in specific application security skills. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP AIR Security Project|OWASP AIR Security Project]]
+
These slides are presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for an "overview of owasp".
:investigating the security of AIR applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]]  
+
* '''[https://www.owasp.org/images/3/35/2012Whereweare..Wherearewegoing.pdf 2012 Athens Where we are, Where we are going..]'''
:investigating the security of AJAX enabled applications (Assessment Criteria v1.0)
+
* '''[https://www.owasp.org/images/8/83/FINAL-OWASP_Global_Board_Update_AppSecUS11.ppt.pdf 2011 Where we are, Where we are going..]'''
  
;[[:Category:OWASP Anti-Malware Project|OWASP Anti-Malware Project]]
 
:describing common flaws in security designs (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Application Security Requirements Project|OWASP Application Security Requirements]] (Assessment Criteria v1.0)
+
==OWASP Press==
  
;[[:Category:OWASP Best Practices: Use of Web Application Firewalls|OWASP Best Practices: Use of Web Application Firewalls]]
+
The OWASP press is a pattern for massive community collaboration on OWASP documentation projects with just-in-time publication. Visit the [https://www.owasp.org/index.php/OWASP_Press OWASP Press Page] for more information.  
:the document is aimed primarily at technical decision-makers, especially those responsible for operations and security (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover &amp; Sleeve Design]]
 
:this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve. (Assessment Criteria v1.0)
 
  
;[[:OWASP Browser Security Project|OWASP Browser Security Project]]
+
= Terminology =
:To be definied (Assessment Criteria v2.0)
+
<font size=2pt>
 +
== OWASP Project Infrastructure ==
  
;[[:Category:OWASP Boot Camp Project|OWASP Boot Camp Project]]
 
:this project was started to supply a brief information about the OWASP projects. (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Career Development Project|OWASP Career Development Project]]
+
*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.
:The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
 
  
(Assessment Criteria v1.0)
+
*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
  
;[[:Category:OWASP Certification Project|OWASP Certification Project]]
 
:our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. (Assessment Criteria v1.0)
 
  
;[[:Cheat Sheets|OWASP Cheat Sheets Project]]
+
*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
:this project was created to provide a concise collection of high value information on specific security topics. These cheat sheets were created by multiple application security experts and provide excellent security guidance in an easy to read format. (Assessment Criteria v2.0)
+
  
;[[:OWASP Codes of Conduct|OWASP Codes of Conduct]]
 
:to create and maintain OWASP Codes of Conduct. (Assessment Criteria v2.0)
 
  
;[[:OWASP College Chapters Program|OWASP College Chapters Program]]
+
*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.
:(Assessment Criteria v2.0)
+
  
;[[OWASP Common Numbering Project|OWASP Common Numbering Project]]
 
:a new numbering scheme that will be common across OWASP Guides and References (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP CBT Project|Computer Based Training Project (OWASP CBT Project)]]
+
*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.  
:the goal of this project is to provide computer based training on OWASP security related initiatives. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Communications Project|OWASP Communications Project]]
 
  
(Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Cloud ‐ 10 Project|OWASP Cloud ‐ 10 Project]]
+
== OWASP Project Reviews ==
:The goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. (Assessment Criteria v2.0)
+
  
;[[:OWASP Enterprise Application Security Project|OWASP Enterprise Application Security Project]]
 
:provides guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications. (Assessment Criteria v2.0)
 
  
;[[:OWASP Exams Project|OWASP Exams Project]]
+
*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.  
:The OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. (Assessment Criteria v2.0)
+
  
;[[:OWASP Fiddler Addons for Security Testing Project|OWASP Fiddler Addons for Security Testing Project]]
 
:a passive vulnerability scanner and an active XSS testing and input/output encoding detection (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]]
+
*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.  
:investigating the security of Flash applications (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]]
 
:a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements. (Assessment Criteria v1.0)
 
  
;[[:OWASP Hungarian Translation Project|OWASP Hungarian Translation Project]]
+
*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
:we plan to translate OWASP material that we consider fundamental (ASVS, Bulding Guide, Testing Guide, Top 10) first, and move on later. (Assessment Criteria v2.0)
+
  
;[[OWASP German Language Project|OWASP German Language Project]]
 
:(Assessment Criteria v2.0)
 
 
;[[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Member Packs/Conference Attendee Packs]]
 
:this is a project of corporate design to develop an Individual/Member Pack. (Assessment Criteria v1.0)
 
  
;[[:OWASP Java Project|OWASP Java Project]]
+
*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].
:a project focused on helping Java and J2EE developers build secure applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Logging Project|OWASP Logging Guide]]
 
:a project to define best practices for logging and log management (Assessment Criteria v1.0)
 
  
;[[:OWASP Mobile Security Project|OWASP Mobile Security Project]]
+
*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.  
:a project to help the community better understand the risks present in mobile applications, and learn to defend against them. (Assessment Criteria v2.0)
+
  
;[[OWASP Myth Breakers Project|OWASP Myth Breakers Project]]
 
:a project similar to http://dsc.discovery.com/tv/mythbusters but for appsec, urban legends and assumptions regarding appsec will be tested and there'll be a set of examples that will prove the correctness/uncorrectness of a statement realted to the question. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP on the Move Project|OWASP on The Move Project]]
+
*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.
:a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP PCI Project|OWASP PCI Project]]
 
:a project to build and maintain community concensus for managing regulatory risk of web applications (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP PHP Project|OWASP PHP Project]]
 
:a project focused on helping PHP developers build secure applications (Assessment Criteria v1.0)
 
  
;[[:OWASP Portuguese Language Project|OWASP Portuguese Language Project]]
+
== OWASP Project Processes ==
:a project aiming to coordinate and push foward the iniciatives developed to translate OWASP materials to Portuguese. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Positive Security Project|OWASP Positive Security Project]]
+
*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.
:a project to learn how companies are working to create a positive security approach on their own resources and use this knowledge to create a set of control, marketing and awareness tools that will be available to promote and construct a positive approach to security worldwide (Assessment Criteria v1.0)
+
  
;[[OWASP RFP-Criteria|OWASP Request for Proposal]]
 
:a project that is intended to provide a list of questions to consider when seeking a dynamic application security service provider. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP SASAP Project|OWASP Scholastic Application Security Assessment Project]]
+
*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.
:a project that is intended to be the first step towards integrating security requirements in academic course curriculum (Assessment Criteria v1.0)
+
  
;[[:OWASP Secure Password Project|OWASP Secure Password Project]]
 
:a project that will have a two pronged approach designed to put more nails in the single-factor method of authentication (Assessment Criteria v2.0)
 
  
;[[:OWASP Secure Web Application Framework Manifesto]]
+
*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.
:this project is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Security Analysis of Core J2EE Design Patterns Project|OWASP Security Analysis of Core J2EE Design Patterns Project]]
 
:a to be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Security Assurance Testing of Virtual Worlds Project|OWASP Security Assurance Testing of Virtual Worlds Project]]
+
*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.
:a testing framework specific to Virtual World related applications (MMORGs) and environments (Assessment Criteria v2.0)
+
  
;[[:OWASP Security Baseline Project|OWASP Security Baseline Project]]
 
:aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Security Spending Benchmarks|OWASP Security Spending Benchmarks]]
+
*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.
:provides insight to reduce operational appsec costs (Assessment Criteria v1.0)
+
  
;[[:Category:Software Assurance Maturity Model|Software Assurance Maturity Model (SAMM)]]
 
:this project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that's tailored to the specific business risks facing the organization.
 
  
;[[OWASP Software Security Assurance Process|OWASP Software Security Assurance Process]]
+
*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
:To outlines mandatory and recommended processes and practices to manage risks associated with applications. Should be the framework to map Requirements, Dev and Testing guidelines for example. (Assessment Criteria v2.0)
+
  
;[[OWASP Threat Modelling Project|OWASP Threat Modelling Project]]
 
:(Assessment Criteria v2.0)
 
  
;[[OWASP Uniform Reporting Guidelines|OWASP Uniform Reporting Guidelines]]
+
== Projects at Conferences ==
:this project will complement the OWASP testing guide as well as the OWASP RFP Template. This is going to be a reporting template for vulnerability findings which will be free, base on industry best practices and hopefully will become the defacto standard. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Validation Project|OWASP Validation Project]]
+
*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.
:a project that provides guidance and tools related to validation (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP WASS Project|OWASP WASS Guide]]
 
:a standards project to develop more concrete criteria for secure applications (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Web Application Scanner Specification Project|OWASP Web Application Scanner Specification Project]]
+
*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.
:there will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. (Assessment Criteria v1.0)
+
  
;[[OWASP Web Application Security Accessibility Project|OWASP Web Application Security Accessibility Project]]
 
:this project will focus extensively on the issue of web application security accessibility. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
+
*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.  
:real-world web application security for Ruby on Rails, Apache and MySQL (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]]
 
:a project to define evaluation criteria for XML Security Gateways (Assessment Criteria v1.0)
 
  
;[[Security Ecosystem Project|OWASP Security Ecosystem Project]]
+
== OWASP Projects General == 
:nobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Speakers Project|OWASP Speakers Project]]
+
*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].  
:a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)
+
  
|}
 
  
=Inactive Projects=
+
= Sponsorships and Donations  =
 +
<font size=2pt>
  
*Inactive projects are unrated projects (projects that have not reached any one of Alpha, Beta, or Release status) which may have been abandoned. Efforts are being made to contact project leads to determine status and plans for future work.  
+
==Donate to OWASP Projects Division==
*Projects are listed below.
+
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.
  
{| width="100%"
+
'''This is how your money can help:'''
 +
 
 +
* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
 +
* $100 could help fund OWASP project demos at major conferences.
 +
* $250 could help get our volunteer Project Leaders to speaking engagements.
 +
 
 +
 
 +
[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
 +
 
 +
 
 +
==OWASP Project Sponsors==
 +
 
 +
'''Americas'''
 +
*
 +
 
 +
'''Africa'''
 +
*
 +
 
 +
'''Asia'''
 +
*
 +
 
 +
'''Europe'''
 +
*
 +
 
 +
'''Middle East'''
 +
*
 +
 
 +
= Project Press Center  =
 +
<font size=2pt>
 +
 
 +
==Social Media==
 +
[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]
 +
 
 +
 
 +
==Security Podcast with Jim Manico==
 +
{| style="background-color: transparent"
 
|-
 
|-
! width="50%" | Tools
+
! width="200" align="center" | <br>
! Documentation
+
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Jim_Projects.jpg|100px]]
 +
| align="justify" | The OWASP foundation presents the OWASP PODCAST SERIES hosted and produced by [mailto:jim@owasp.org Jim Manico]. Listen as interviews are conducted with OWASP volunteers, industry experts and leaders within the field of software security. Visit the [https://www.owasp.org/index.php/OWASP_Podcast Podcast Page] for more information.
 +
|}
 +
 
 +
 
 +
==OWASP Appsec Tutorial Series with Jerry Hoff==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Jerry_Projects.jpg|100px]]
 +
| align="justify" |The OWASP AppSec Tutorial Series project provides a video based means of conveying complex application security concepts in an easily accessible and understandable way. Each video is approximately 5-10 minutes long and highlights one or more specific application security concepts, tools, or methodologies. The goal of the project is quite simple and yet quite audacious - provide top notch application security video based training... for free! Visit the [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series#Project_Lead Tutorial Series Page] for more information.
 +
|}
 +
 
 +
 
 +
==OWASP Global Projects Announcements==
 +
 
 +
{| width="100%" cellspacing="20" cellpadding="10"
 
|- valign="top"
 
|- valign="top"
|  
+
| width="33%" style="background:#fafcdb" |
;[[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]]
+
==OWASP AppSecEU Research 2013: CfPs Released==
:a JavaScript based web application security testing suite
+
  
;[[:Category:OWASP Google Hacking Project|OWASP Google Hacking Project]]
+
After having some luck and with a little bit of work in order to constitute two splendid program committees we're just released the "Call for Ps". One for the [https://www.owasp.org/index.php/AppSecEU2013/CfPresos Research Track], one regular [https://www.owasp.org/index.php/AppSecEU2013/CfPapers Industry Tracks].
:Google SOAP Search API with Perl
+
  
;[[:Category:OWASP Interceptor Project|OWASP Interceptor Project]]
+
If you think you can contribute with your presentation or paper something to the topics listed in the CfPs, you're
:A testing tool for XML web service and Ajax interfaces.
+
cordially invited to submit a proposal.
  
;[[:Category:OWASP LiveCD Education Project|OWASP Live CD Education Project]]
+
We look forward to a great http://AppSec.EU/ conference this August in Hamburg.
:an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]] and [http://www.securitydistro.com/ Security Distro] (Assessment Criteria v1.0)
+
  
|
+
Help us spread the word!
;[[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]
+
|}
:This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.
+
  
;[[:Category:OWASP Source Code Flaws Top 10 Project|OWASP Source Code Flaws Top 10 Project]]
+
{| width="100%" cellspacing="20" cellpadding="10"
:a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review (Assessment Criteria v1.0)
+
|- valign="top"
 +
| width="33%" style="background:#e6f5e9" |
 +
==Open Source Project Track Opportunities at AppSec APAC 2013==
  
 +
===This 'Call for Entries' is now closed.===
 +
 +
The AppSec APAC conference organizers, in conjunction with the Global Projects Division, is pleased to announce a Call for Entries for the OWASP Projects Track (OPT).
 +
 +
We are offering a limited number of speaking opportunities to open source projects this year, as well as FREE conference admission for the representatives of the chosen projects. We would like to invite ALL open source projects to apply.
 +
 +
 +
'''About the AppSec APAC 2013 OWASP Project Track'''
 +
The APAC 2013 OPT forum differs from OSS in that only OWASP Projects can apply to participate. This is a great opportunity for OWASP Project Leaders to showcase their project as an official conference presenter. Please note that successful OPT applicants are responsible for developing and presenting in their designated timeslot at the conference.
 +
 +
For an opportunity to present your open source project through the OPT at AppSec APAC 2013, please submit your application using the [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGZYWHhydVNSRF9kUUE5VTRPa09sbUE6MA#gid=0 OPT APAC 2013 Application].
 +
 +
 +
'''Sponsorship Opportunities'''
 +
OWASP Project Leaders have the option of requesting financial assistance from the Foundation to cover travel and hotel expenses ONLY. This funding is only available to projects that have been selected to participate in the OSS and OPT at AppSec APAC 2013. Preference will be given to OWASP Project Leaders that are applying to present at the conference that is closest to their region. Additionally, preference will be given to OWASP Project Leaders that have not presented or participated in the OPT forum.
 +
 +
 +
'''Date and Times'''
 +
 +
'''APPLICATION DEADLINES'''
 +
 +
OPT Applications are due: December 28, 2012
 +
 +
 +
'''CONFERENCE DATE'''
 +
 +
February 19-22, 2013
 +
 +
 +
'''OPT DATE & TIME'''
 +
 +
All OPT Talks will be held between February 21-22, 2013.
 +
 +
 +
'''LOCATION'''
 +
 +
[http://jeju.regency.hyatt.com/hyatt/hotels-jeju-regency/index.jsp?null Hyatt Regency Jeju]<br>
 +
114,Jongmoongwangwang-ro 72 beon-gil,Seogwipo-si,<br>
 +
Jeju Special Self-Governing Province<br>
 +
South Korea<br>
 +
Phone: +82 64 733 1234 
 
|}
 
|}
  
__NOTOC__ <headertabs />
 
  
{{PutInCategory}}
+
= PM Information  =
 +
<font size=2pt>
 +
 
 +
==Samantha Groves: OWASP Project Manager==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Sam2.jpg|100px]]
 +
| align="justify" |Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals.
 +
 
 +
Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification.
 +
 
 +
Please see the [https://docs.google.com/a/owasp.org/document/d/1syHIiVA56KSR_T-enIMolMO6xSAZlWP86uvi_Ui8rPs/edit  Project Manager Role Description] for more information.
 +
|}
 +
<br>
 +
 
 +
==GPC Meeting Reports==
 +
 
 +
'''2013'''
 +
 
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-04-01 GPC Meeting: January 04 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-11-01 GPC Meeting: January 11 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-18-01 GPC Meeting: January 18 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-25-01 GPC Meeting: January 25 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-01-02 GPC Meeting: February 01 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-08-02 GPC Meeting: February 08 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-15-02 GPC Meeting: February 15 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-22-02 GPC Meeting: February 22 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2013-01-03  Project Manager Report: March 01 2013]
 +
 
 +
 
 +
'''2012'''
 +
 
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-24-08 GPC Meeting: August 24 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-07-09 GPC Meeting: September 07 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-14-09 GPC Meeting: September 14 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-21-09 GPC Meeting: September 21 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-28-09 GPC Meeting: September 28 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-05-10 GPC Meeting: October 05 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-12-10 GPC Meeting: October 12 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-19-10 GPC Meeting: October 19 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-09-11 GPC Meeting: November 09 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-16-11 GPC Meeting: November 16 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-30-11 GPC Meeting: November 30 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-07-12 GPC Meeting: December 07 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-14-12 GPC Meeting: December 14 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-21-12 GPC Meeting: December 21 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/GPC/Meetings/2012-27-12 GPC Meeting: December 27 2012 Project Manager Report]
 +
 
 +
 
 +
==Board Meeting Reports==
 +
 
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/August_13_2012 Board Meeting: August 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/September_10_2012 Board Meeting: September 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/October_08_2012 Board Meeting: October 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/November_12_2012 Board Meeting: November 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/December_10_2012 Board Meeting: December 2012 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/January_14_2013 Board Meeting: January 2013 Project Manager Report]
 +
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/February_11_2013 Board Meeting: February 2013 Project Manager Report]
 +
 
 +
 
 +
==Project Funds==
 +
 
 +
* [https://docs.google.com/a/owasp.org/spreadsheet/pub?hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html Chapter and Individual Project Funds]
 +
* [https://www.owasp.org/index.php/Projects_Reboot_2012 Project Reboot 2012 Information]
 +
 
 +
 
 +
==Project Manger's Quarterly Strategic Objectives==
 +
 
 +
'''Goals and Objectives: 2012 Q4'''
 +
*Identify and initiate 3 grant opportunities.
 +
*Complete metadata for Salesforce import related to projects.
 +
*Finalize and launch the Project database communication tool and webpage
 +
**https://www.owasp.org/index.php/Test2test
 +
*Complete the project lifecycle redesign
 +
**Sort out levels and stages for projects.
 +
**Determine and define landmarks for project advancement.
 +
**Document release stages and reviewer participation.
 +
*Update Project handbook
 +
**Document process for project donation.
 +
**Define and develop process for project advancement.
 +
**Define and develop process for funding requests.
 +
 
 +
 
 +
==Contact the Project Manager==
 +
 
 +
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGR5QXFWYThiOHZNSldCdkFIMW9kNXc6MQ  OWASP Project Manager, Samantha Groves].
 +
</font>
 +
 
 +
 
 +
= Global Project Committee  =
 +
<font size=2pt>
 +
== Jason Li  ==
 +
 
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Jason.jpg|100px]]
 +
| align="justify" |Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP [[Global Projects Committee]] and as a co-author of the [[:Category:OWASP AntiSamy Project | OWASP AntiSamy Project]] (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research.
 +
 
 +
'''Past conference presentations include:
 +
'''
 +
* [http://www.owasp.org/images/0/0f/DISAs_Application_Security_and_Development_STIG_How_OWASP_Can_Help_You-Jason_Li.pdf DISA's Application Security and Development STIG: How OWASP Can Help You] - [http://www.owasp.org/index.php/OWASP_AppSec_DC_2009_Schedule#tab=Talks_11.2F12 OWASP AppSec DC 2009]
 +
* [http://jazoon.com/en/conference/presentationdetails.html?type=sid&detail=7102 Agile and Secure: Can We Do Both?] - [http://jazoon.com/portals/0/Content/ArchivWebsite/jazoon.com/jazoon09/en/conference/thursday.html Jazoon 2008]
 +
* [http://www.shmoocon.org/presentations-all.html#owasp The OWASP AntiSamy Project] - [http://www.shmoocon.org/ ShmooCon 2009]
 +
* OWASP JSP Testing Tool - [http://www.owasp.org/index.php/OWASP_EU_Summit_2008#EVENT_AGENDA OWASP EU Summit 2008]
 +
* OWASP Keynote Introduction, [http://www.owasp.org/images/9/9d/AppSecIN08-ValidatingRichUserContent.ppt Validating Rich User Content] - [[OWASP_AppSec_India_Conference_2008#Day_One_.5BConference_Program.5D:__Wednesday_20th_August.2C_2008 | OWASP AppSec India 2008]]
 +
* [http://www.owasp.org/images/4/47/AppSecEU08-AntiSamy.ppt The OWASP AntiSamy Project] - [[OWASP_AppSec_Europe_2008_-_Belgium#Agenda_and_Presentations_-_May_21-22 | OWASP AppSec Belgium 2008]]
 +
 +
|}
 +
<br>
 +
 
 +
== Justin Searle  ==
 +
 
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Justin.jpg|100px]]
 +
| align="justify" | Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).
 +
 
 +
|}
 +
<br>
 +
 
 +
==Keith Turpin==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Keith.jpg|100px]]
 +
| align="justify" | Over the years Keith has held a number of positions at The Boeing Company including: Application Security Assessments team leader, Team Leader for IT Security International Operations, Team Leader for Information and Supply Chain Security Assessments, engineering systems integrator, software developer and senior manufacturing engineer on the 747 airplane program.
 +
 
 +
He represented Boeing on the International Committee for Information Technology Standard's cyber security technical committee and served as a U.S. delegate to the ISO/IEC sub-committee on cyber security.
 +
 
 +
He is a member of the (ISC)2 Application Security Advisory Board, and the Director of the HPPV Northwest regional engineering competition.
 +
 
 +
You can see his OWASP project on secure coding practices here:
 +
[http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide]
 +
 
 +
The presentation on his OWASP project at AppSec USA 2010 can be found here:
 +
[http://vimeo.com/17018329 http://vimeo.com/17018329]
 +
 
 +
You can see the video of his AppSec USA 2009 presentation on Building Security Assessment Teams here: [http://vimeo.com/8989378 http://vimeo.com/8989378]
 +
|}
 +
<br>
 +
 
 +
==Nishi Kumar==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Nishi.jpg|100px]]
 +
| align="justify" |'''Nishi Kumar IT Architect Specialist, FIS'''
 +
Nishi Kumar is an Architect with 20 years of broad industry experience. She is part of OWASP Global Industry Committee and project lead for OWASP CBT (Computer based training) project. She is a committed contributor of OWASP. She has spearheaded Secure Code Initiative program in FIS Electronics Payment division. As part of that program, she has delivered OWASP based training to management and development teams to various groups in FIS. She has been involved with PA-DSS certification of several applications in FIS. Since joining FIS in 2004 she has worked as an architect and team lead for several financial payment and fraud applications. She has hands-on accomplishments in design, development and deployment of complex software systems on a variety of platforms.
 +
Prior to joining FIS Nishi Kumar has worked for Pavilion, HNC, Fair Isaac, Trajecta, Nationwide Insurance and Data Junction as Senior Software Engineer, Architect and in Project Management roles.
 +
Nishi can be reached at: nishi787(at)hotmail.com
 +
|}
 +
<br>
 +
 
 +
==Brad Causey==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Brad.jpg|100px]]
 +
| align="justify" |Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities.
 +
 
 +
Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter.
 +
 
 +
* Brad Causey's [mailto:bradcausey@owasp.org Email Contact] and [[:Special:Contributions/Bradcausey|Wiki Contributions]].
 +
|}
 +
<br>
 +
 
 +
==Chris Schmidt==
 +
{| style="background-color: transparent"
 +
|-
 +
! width="200" align="center" | <br>
 +
! width="1000" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:Chris.jpg|100px]]
 +
| align="justify" |Chris is currently the Project Leader for the OWASP ESAPI Projects and also serves on the OWASP Global Projects Committee. He has been involved with OWASP for 4 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization.
 +
 
 +
During the day, Chris is an Application Security Engineer and Senior Software Engineer for Aspect Security where he has been since fall 2010. Prior to joining the team at Aspect Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC’s, Servers, Midrange Systems and Peripherals for 9 years.
 +
 
 +
In addition to his professional career he is also a musician with several ongoing projects and enjoys cold beer and long walks in the park.
 +
 
 +
Links:<br/>
 +
* Blog: [http://yet-another-dev.blogspot.com Yet Another Developer's Blog]
 +
* Twitter: [https://twitter.com/carne Carne]
 +
* LinkedIn: [http://www.linkedin.com/in/chrisschmidt Chris Schmidt]
 +
 
 +
|}
 +
<br>
 +
 
 +
 +
= Contact US  =
 +
<font size=2pt>
 +
 
 +
==OWASP Representation==
 +
* [[User:Samantha Groves|Samantha Groves]]: OWASP Project Manager
 +
 
 +
 
 +
==Global Project Committee Members==
 +
*[[User:Jason Li|Jason Li]]: Acting Committee Chair
 +
*[[User:Bradcausey|Brad Causey]]: Committee Member
 +
*[[:Global Projects and Tools Committee - Application 3|Chris Schmidt]]: Committee Member 
 +
*[[:Global Projects and Tools Committee - Application 4|Justin Searle]]: Committee Member 
 +
*[[User:Nishi Kumar|Nishi Kumar]]: Committee Member 
 +
*[[:Global Projects and Tools Committee - Application 6|Keith Turpin]]: Committee Member
 +
 
 +
 
 +
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGR5QXFWYThiOHZNSldCdkFIMW9kNXc6MQ  OWASP Project Manager, Samantha Groves].
 +
</font>
 +
 
 +
 
 +
<headertabs />

Revision as of 11:05, 1 March 2013



NEW-PROJECTS-BANNER.jpg
[edit]

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 120 active projects, and new project applications are submitted every week. This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community.


All OWASP tools, document, and code library projects are organized into the following categories:

  • PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).


Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page.

A summary of recent project announcements is available on the OWASP Updates page.

OWASP Projects Handbook 2013

OWASP Project Inventory

  • Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
  • Lab Projects: OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
  • Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole.


Who Should Start an OWASP Project:

  • Application Developers.
  • Software Architects.
  • Information Security Authors.
  • Those who would like the support of a world wide professional community to develop or test an idea.
  • Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.


Contact Us

If you have any questions, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.




                                                                                                                             
POM SAMM.jpg



AppSec USA.jpg



Projects Banner 3.jpg



Projects Front Page Donation.jpg


So you want to start a project...

Starting an OWASP Project is easy. You don't have to be an application security expert. You just have to have the drive and desire to make a contribution to the application security community.

Here are some of the guidelines for running a successful OWASP project:

  • The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
  • You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  • You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  • Available Grants to consider if you need funding - Click Here
  • You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!


Creating a new project

Here's the simple process for starting a new OWASP Project.


  • Get the following information together:

A - PROJECT

  1. Project Name,
  2. Project purpose / overview,
  3. Project Roadmap,
  4. Project links (if any) to external sites,
  5. Project License,
  6. Project Leader name,
  7. Project Leader email address,
  8. Project Leader wiki account - the username (you'll need this to edit the wiki),
  9. Project Contributor(s) (if any) - name email and wiki account (if any),
  10. Project Main Links (if any).


OWASP Recommended Licenses

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
ToolProject
(Non-WebBased)
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
(WebBased)
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)



Funding your Project

An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit an application to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organisations, but project leaders are required to seek funding through their own initiative.

Project Release

  • As your project reaches a point that you'd like OWASP to assist in its promotion, the OWASP Global Projects Committee will need the following to help spread the word about your project:
  1. Conference style presentation that describes the tool/document in at least 3 slides,
  2. Project Flyer/Pamphlet (PDF file),


  • If possible, get also the following information together:

B – FIRST RELEASE

  1. Release Name,
  2. Release Description,
  3. Release Downloadable file link
  4. Release Leader,
  5. Release Contributor(s),
  6. Release Reviewer,
  7. Release Sponsor(s) (if any),
  8. Release Notes
  9. Release Main Links (if any),


Project Process Forms

These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

  • Project Transition Application:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
  • Project Review Application:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.
  • Project Donation Application:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
  • Project Abandonment Request:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.


OWASP Project Lifecycle

The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.


The OWASP Project Lifecycle is broken down into the following stages:

Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

Labs Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

OWASP Project Stage Benefits

This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

Incubator

  • Financial Donation Management Assistance
  • Project Review Support
  • WASPY Awards Nominations
  • OWASP OSS and OPT Participation
  • Opportunity to submit proposal: $500 for Development.
  • Community Engagement and Support
  • Recognition and visibility of being associated with the OWASP Brand.

Labs

  • All benefits given to Incubator Projects
  • Technical Writing Support
  • Graphic Design Support
  • Project Promotion Support
  • OWASP OSS and OPT: Preference

Flagship

  • All benefits given to Incubator & Labs Projects
  • Grant finding and proposal writing help
  • Yearly marketing plan development
  • OWASP OSS and OPT participation preference


For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.


OWASP Project Graduation

The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.


OWASP Project Health Assessment

The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.


OWASP Project Deliverable/Release Assessment

The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.


Flagship Projects

The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.


Code


Tools


Documentation


Labs Projects

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.


Tools


Documentation


Incubator Projects

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.


Code


Tools


Documentation


Inactive Projects

Archived Projects

OWASP Archived Projects are inactive Labs projects. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest.


Philosophy

OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.


Brand Usage Rules

The following rules make reference to all OWASP marketing and graphic materials. This refers to any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.

  1. The OWASP Brand may be used to direct people to the OWASP website for information about application security.
  2. The OWASP Brand may be used in commentary about the materials found on the OWASP website.
  3. The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
  4. The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
  5. The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
  6. The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
  7. The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
  8. The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
  9. The OWASP Brand may be used by special arrangement with The OWASP Foundation.


Resources


Merchandise Requests


Ads/Flyers


Banners


Presentations

These slides are presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for an "overview of owasp".


OWASP Press

The OWASP press is a pattern for massive community collaboration on OWASP documentation projects with just-in-time publication. Visit the OWASP Press Page for more information.


OWASP Project Infrastructure

  • OWASP Project Lifecycle: The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.


  • Incubator Project: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.


  • Labs Project: OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.


  • Flagship Project: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.


  • Project Benefits: The standard list of resources and incentives made available to project leaders based on their project's current maturity level.


OWASP Project Reviews

  • Project Reviews: Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.


  • Project Reviewer Pool: The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.


  • Project Graduation: The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


  • Project Health Assessment: The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document.


  • Project Release: A project release refers to the final deliverable a project produces. It is the final product of the project.


  • Project Deliverable/Release Review: The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.


OWASP Project Processes

  • Project Processes: The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.


  • Project Inception Process: The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.


  • Project Donation Process: The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.


  • Project Transition Process: The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.


  • Project Abandonment Process: The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.


  • Incubator Graduation Process: The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


Projects at Conferences

  • AppSec Conferences: OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.


  • Open Source Showcase: The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.


  • OWASP Project Track: The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.


OWASP Projects General

  • OWASP Code of Ethics: The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the OWASP About page.


OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:

  • $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
  • $100 could help fund OWASP project demos at major conferences.
  • $250 could help get our volunteer Project Leaders to speaking engagements.


Donate Button.jpg


OWASP Project Sponsors

Americas

Africa

Asia

Europe

Middle East

Social Media

Blogger-32x32.png Twitter-32x32.png Facebook-32x32.png Linkedin-32x32.png Google-32x32.png Ning-32x32.png


Security Podcast with Jim Manico



Jim Projects.jpg The OWASP foundation presents the OWASP PODCAST SERIES hosted and produced by Jim Manico. Listen as interviews are conducted with OWASP volunteers, industry experts and leaders within the field of software security. Visit the Podcast Page for more information.


OWASP Appsec Tutorial Series with Jerry Hoff



Jerry Projects.jpg The OWASP AppSec Tutorial Series project provides a video based means of conveying complex application security concepts in an easily accessible and understandable way. Each video is approximately 5-10 minutes long and highlights one or more specific application security concepts, tools, or methodologies. The goal of the project is quite simple and yet quite audacious - provide top notch application security video based training... for free! Visit the Tutorial Series Page for more information.


OWASP Global Projects Announcements

OWASP AppSecEU Research 2013: CfPs Released

After having some luck and with a little bit of work in order to constitute two splendid program committees we're just released the "Call for Ps". One for the Research Track, one regular Industry Tracks.

If you think you can contribute with your presentation or paper something to the topics listed in the CfPs, you're cordially invited to submit a proposal.

We look forward to a great http://AppSec.EU/ conference this August in Hamburg.

Help us spread the word!

Open Source Project Track Opportunities at AppSec APAC 2013

This 'Call for Entries' is now closed.

The AppSec APAC conference organizers, in conjunction with the Global Projects Division, is pleased to announce a Call for Entries for the OWASP Projects Track (OPT).

We are offering a limited number of speaking opportunities to open source projects this year, as well as FREE conference admission for the representatives of the chosen projects. We would like to invite ALL open source projects to apply.


About the AppSec APAC 2013 OWASP Project Track The APAC 2013 OPT forum differs from OSS in that only OWASP Projects can apply to participate. This is a great opportunity for OWASP Project Leaders to showcase their project as an official conference presenter. Please note that successful OPT applicants are responsible for developing and presenting in their designated timeslot at the conference.

For an opportunity to present your open source project through the OPT at AppSec APAC 2013, please submit your application using the OPT APAC 2013 Application.


Sponsorship Opportunities OWASP Project Leaders have the option of requesting financial assistance from the Foundation to cover travel and hotel expenses ONLY. This funding is only available to projects that have been selected to participate in the OSS and OPT at AppSec APAC 2013. Preference will be given to OWASP Project Leaders that are applying to present at the conference that is closest to their region. Additionally, preference will be given to OWASP Project Leaders that have not presented or participated in the OPT forum.


Date and Times

APPLICATION DEADLINES

OPT Applications are due: December 28, 2012


CONFERENCE DATE

February 19-22, 2013


OPT DATE & TIME

All OPT Talks will be held between February 21-22, 2013.


LOCATION

Hyatt Regency Jeju
114,Jongmoongwangwang-ro 72 beon-gil,Seogwipo-si,
Jeju Special Self-Governing Province
South Korea
Phone: +82 64 733 1234


Samantha Groves: OWASP Project Manager



Sam2.jpg Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals.

Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification.

Please see the Project Manager Role Description for more information.


GPC Meeting Reports

2013


2012


Board Meeting Reports


Project Funds


Project Manger's Quarterly Strategic Objectives

Goals and Objectives: 2012 Q4

  • Identify and initiate 3 grant opportunities.
  • Complete metadata for Salesforce import related to projects.
  • Finalize and launch the Project database communication tool and webpage
  • Complete the project lifecycle redesign
    • Sort out levels and stages for projects.
    • Determine and define landmarks for project advancement.
    • Document release stages and reviewer participation.
  • Update Project handbook
    • Document process for project donation.
    • Define and develop process for project advancement.
    • Define and develop process for funding requests.


Contact the Project Manager

If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.


Jason Li



Jason.jpg Jason has led security architecture reviews, application security code reviews, penetration tests and provided web application security training services for a variety of commercial, financial, and government customers. He is also actively involved in the Open Web Application Security Project (OWASP), serving on the OWASP Global Projects Committee and as a co-author of the OWASP AntiSamy Project (Java version). Jason earned his Post-Master's degree in Computer Science with a concentration in Information Assurance from Johns Hopkins University. He earned his Master's degree in Computer Science from Cornell University, where he also earned his Bachelor's degree, double majoring in Computer Science and Operations Research.

Past conference presentations include:


Justin Searle



Justin.jpg Justin is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).


Keith Turpin



Keith.jpg Over the years Keith has held a number of positions at The Boeing Company including: Application Security Assessments team leader, Team Leader for IT Security International Operations, Team Leader for Information and Supply Chain Security Assessments, engineering systems integrator, software developer and senior manufacturing engineer on the 747 airplane program.

He represented Boeing on the International Committee for Information Technology Standard's cyber security technical committee and served as a U.S. delegate to the ISO/IEC sub-committee on cyber security.

He is a member of the (ISC)2 Application Security Advisory Board, and the Director of the HPPV Northwest regional engineering competition.

You can see his OWASP project on secure coding practices here: http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide

The presentation on his OWASP project at AppSec USA 2010 can be found here: http://vimeo.com/17018329

You can see the video of his AppSec USA 2009 presentation on Building Security Assessment Teams here: http://vimeo.com/8989378


Nishi Kumar



Nishi.jpg Nishi Kumar IT Architect Specialist, FIS

Nishi Kumar is an Architect with 20 years of broad industry experience. She is part of OWASP Global Industry Committee and project lead for OWASP CBT (Computer based training) project. She is a committed contributor of OWASP. She has spearheaded Secure Code Initiative program in FIS Electronics Payment division. As part of that program, she has delivered OWASP based training to management and development teams to various groups in FIS. She has been involved with PA-DSS certification of several applications in FIS. Since joining FIS in 2004 she has worked as an architect and team lead for several financial payment and fraud applications. She has hands-on accomplishments in design, development and deployment of complex software systems on a variety of platforms. Prior to joining FIS Nishi Kumar has worked for Pavilion, HNC, Fair Isaac, Trajecta, Nationwide Insurance and Data Junction as Senior Software Engineer, Architect and in Project Management roles. Nishi can be reached at: nishi787(at)hotmail.com


Brad Causey



Brad.jpg Brad Causey is a Web Application Security, Forensics, and Phishing specialist working in the financial sector. He frequently contributes to various open source projects, and participates in training and lectures at various educational facilities.

Brad Causey is also an OWASP GPC member, the President of the OWASP AL Chapter, and the President of the AL IISFA Chapter.


Chris Schmidt



Chris.jpg Chris is currently the Project Leader for the OWASP ESAPI Projects and also serves on the OWASP Global Projects Committee. He has been involved with OWASP for 4 years and has spoken at many OWASP events about the benefits of the Enterprise Security API as well as participated in Leadership discussions amongst the organization.

During the day, Chris is an Application Security Engineer and Senior Software Engineer for Aspect Security where he has been since fall 2010. Prior to joining the team at Aspect Security he spent 5 years as 'Black Ops Beef' for ServiceMagic Inc with the official title of Software Engineer. Before getting involved in software professionally, Chris worked in hardware as a Senior Field Service Engineer providing hardware and software support for PC’s, Servers, Midrange Systems and Peripherals for 9 years.

In addition to his professional career he is also a musician with several ongoing projects and enjoys cold beer and long walks in the park.

Links:



OWASP Representation


Global Project Committee Members


If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the OWASP Project Manager, Samantha Groves.


Subcategories

This category has the following 141 subcategories, out of 141 total.

A

B

C

D

E

E cont.

F

G

H

I

J

L

M

N

O

P

R

S

T

V

W

X

Y

Pages in category "OWASP Project"

The following 200 pages are in this category, out of 266 total.

(previous 200) (next 200)

A

B

C

D

E

F

G

H

I

J

K

M

N

O

O cont.

(previous 200) (next 200)