Difference between revisions of "Category:OWASP Project"

From OWASP
Jump to: navigation, search
(Tools [Reviewed last: May 2015 - Health Check February 2016])
 
Line 1: Line 1:
<div style="font-size:7pt;">
+
__NOTOC__
<div align="center">
+
{|
 +
|-
 +
! width="700" align="center" | <br>  
 +
! width="500" align="center" | <br>
 +
|-
 +
|
 +
| align="right" |
  
<openx></openx>
+
|}
  
<b>Disclaimer: Banner ads are not endorsements, and reflect the messages of the advertiser only. | [https://www.owasp.org/index.php/Advertising More Information]</b></div></div>
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 +
= Welcome  =
 +
{| style="width: 100%;"
 +
|-
 +
| style="width: 100%; color: rgb(0, 0, 0);" |
 +
{| style="border: 0px solid ; background: transparent none repeat scroll 0% 0%; width: 100%; -moz-background-clip: border; -moz-background-origin: padding; -moz-background-inline-policy: continuous;"
 +
|-
 +
| style="width: 95%; color: rgb(0, 0, 0);" |
 +
<font size=2pt>
  
 +
=== Welcome to the OWASP Global Projects Page ===
  
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:  
+
(The Projects pages are constantly being updated. Some pages may contain outdated information.  You can help OWASP to keep these pages current by visiting [https://www.owasp.org/index.php/Category:FIXME FixME])  Please contact Claudia Aviles Casanovas with questions using the [https://www.tfaforms.com/308703| contact us form]
  
*'''PROTECT''' - These are tools and documents that can be used to guard against security-related design and implementation flaws.
+
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has ''''''over ''''''89'''''' active projects'''''', and new project applications are submitted every week.
*'''DETECT''' - These are tools and documents that can be used to find security-related design and implementation flaws.
+
*'''LIFE CYCLE''' - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).
+
  
If you would like to start a new project please review the '''[[How to Start an OWASP Project]]''' guide. Please contact the [https://www.owasp.org/index.php/Global_Projects_and_Tools_Committee Global Project Committee] members to discuss project ideas and how they might fit into OWASP. All OWASP projects must be free and open and have their homepage on the OWASP portal. You can read all the guidelines in the [[:Category:OWASP Project Assessment|Project Assessment Criteria]].  
+
This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.  
  
Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any of them on the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page.
+
Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''
 +
- 2016 Project handbook updates are in progres, [https://www.tfaforms.com/308703 Contact US] to join the collobration team and improve the process
  
A list of '''Projects''' that have been identified as '''orphaned''' ones has been set up. Please [[:Category:OWASP Orphaned Projects|glance at it]] and see you find interest in leading any of them.
+
'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''
  
A summary of recent project releases (amongst other things) is available on the [[OWASP Updates]] page.
+
'''[[Project_Online_Resources|Project Online Resources]]'''
  
We invite the community to review all potential Incubator projects, and ask any relevant questions to the potential project leader. All project applications are subject to this review for a total of 5 working days. If there are no objections, then the project will be accepted into the OWASP Projects Infrastructure.
+
=== Who Should Start an OWASP Project? ===
  
*'''[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0Amvv_7Gz8Z7TdHZfWGhHZ0Z4UFFwZU42djBXcVVLSlE#gid=0 Pending Project Applications]'''
+
*Application Developers.  
 +
*Software Architects.  
 +
* Information Security Authors. 
 +
*Those who would like the support of a world wide professional community to develop or test an idea.
 +
*Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.
  
 +
=== Contact Us===
 +
 +
If you have any questions, please do not hesitate to  [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.
 +
 +
=== Fund Details ===
 +
 +
* [https://www.owasp.org/images/1/11/20160407_-_US_Project_Funds.pdf Project Transactions - US (Amount shown in USD)]
 +
* [https://www.owasp.org/images/7/7b/20160407_-_EU_Project_Funds.pdf Project Transactions - EU (Amount shown in Euros)]
 +
 +
=== Please see additional OWASP PROJECT FUNDING for 2016 ===
 +
 +
https://www.owasp.org/index.php/OWASP_Board_Votes
 +
 +
=== OWASP Project Inventory ===
 +
 +
All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]
 +
 +
* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
 +
 +
* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
 +
 +
* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
 +
 +
=== Social Media ===
 +
 +
We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above. 
 +
 +
[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]
 +
<!-- Twitter Box -->
 +
</font>
 +
 +
|}
 +
 +
| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" | 
 +
<div style="padding:2em;padding-bottom:0px;"><!-- DON'T REMOVE ME, I'M STRUCTURAL; also 2 empty lines between images -->
 +
 +
<center>[[Image:Under-construction-small.jpg | link=https://www.owasp.org/index.php/Category:FIXME]]</center>
 +
<center>[https://www.owasp.org/index.php/OWASP_Strategic_Goals Projects are a 2016 Strategic Goal]</center>
 +
 +
 +
[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]
 +
 +
 +
[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
 +
</div>
 +
 +
{|
 
   
 
   
=Stable Quality Projects=
 
  
*Stable quality projects are generally the level of quality of professional tools or documents.
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
*Projects are listed below.
+
|}
:[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donationssinglemeetingsupporterlocalchapte_1164927]]
+
Project and Local Chapter - [https://www.owasp.org/index.php/Donation_Scoreboard available funds]
+
  
{| width="100%"
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
|-
+
|}
! width="50%" | Tools
+
<!-- End Banner -->  
! Documentation
+
|- valign="top"
+
|
+
'''PROTECT:<br><br>'''
+
  
;[[:Category:OWASP AntiSamy Project|OWASP AntiSamy Java Project]]
+
= Project Inventory  =
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks (Assessment Criteria v1.0)
+
<font size=2pt>
  
;[[:Category:OWASP AntiSamy Project .NET|OWASP AntiSamy .NET Project]]  
+
(The Projects pages are constantly being updated.  Some pages may contain outdated information.  You can help OWASP to keep these pages current by visiting [https://www.owasp.org/index.php/Category:FIXME FixME])  Please contact Claudia Aviles Casanovas with questions using the [https://www.tfaforms.com/308703| contact us form]
:an API for validating rich HTML/CSS input from users without exposure to cross-site scripting and phishing attacks. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Enterprise Security API|OWASP Enterprise Security API (ESAPI) Project]]
+
==Quick Guide to Projects==
:a free and open collection of all the security methods that a developer needs to build a secure web application. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP ModSecurity Core Rule Set Project|OWASP ModSecurity Core Rule Set Project]]
+
===Quick Guide for Developers===
:a project to document and develop the ModSecurity Core Rule Set (Assessment Criteria v2.0)
+
  
<br> '''DETECT:<br><br>'''
+
This is a Quick Guide for Developers new to OWASP projects:
  
;[[:JBroFuzz|OWASP JBroFuzz Project]]
+
Infographic containing Hyperlinks to projects:
:a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. (Assessment Criteria v2.0)
+
https://magic.piktochart.com/output/6400107-untitled-infographic
  
;[[:Category:OWASP Live CD Project|OWASP Live CD Project]]  
+
Downloadable Images:
:this CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. (Assessment Criteria v1.0)
+
[[File:Owasp_Dev_Guide.pdf ]]
  
;[[:Category:OWASP WebScarab Project|OWASP WebScarab Project]]  
+
==Flagship Projects==
:a tool for performing all types of security testing on web applications and web services (Assessment Criteria v1.0)
+
[[File:Flagship_banner.jpg]]
  
;[[:OWASP Zed Attack Proxy Project|OWASP Zed Attack Proxy Project]]
+
The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
:The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. (Assessment Criteria v2.0)
+
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project have been evaluated more deeply to confirm their flagship status:
  
<br> '''LIFE CYCLE:<br><br>'''
+
====Tools [Reviewed September 2014 -  Health Check February 2016]====
  
;[[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]  
+
* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]][[File:Thumbsup.png|15px]]
:an online training environment for hands-on learning about application security (Assessment Criteria v1.0)
+
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_OWTF|OWASP OWTF]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Dependency_Check|OWASP Dependency Check]][[File:Thumbsup.png|15px]]
  
<br>
+
====Code [Reviewed November 2014 -  Health Check February 2016]====
 +
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]][[File:Thumbsup.png|15px]]
  
|  
+
====Documentation[Reviewed February 2015 -  Health Check February 2016] ====
'''PROTECT:<br><br>'''
+
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]][[File:Thumbsup.png|15px]]
 +
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Testing_Project|OWASP Testing Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Guide Project|OWASP Development Guide]]  
+
==Labs Projects==
:a massive document covering all aspects of web application and web service security (Assessment Criteria v1.0)
+
[[File:Lab banner.jpg]]
  
;[[:Category:OWASP .NET Project|OWASP .NET Project]]
+
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
:the purpose of the this project is to provide a central repository of information and tools for software professionals that use the Microsoft .NET Framework for web applications and services. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Ruby on Rails Security Guide V2|OWASP Ruby on Rails Security Guide V2]]
+
===Thumbs up===
:this Project is the one and only source of information about Rails security topics. (Assessment Criteria v1.0)
+
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship
  
;[[OWASP Secure Coding Practices - Quick Reference Guide|OWASP Secure Coding Practices - Quick Reference Guide]]  
+
====Tools [Reviewed February 2015]Health Check February 2016]====
:this document provides a quick high level reference for secure coding practices. It is technology agnostic and defines a set of general software security coding practices, in a checklist format, that can be integrated into the development lifecycle. (Assessment Criteria v2.0)
+
* [[O-Saft|O-Saft]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_EnDe|OWASP EnDe Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_O2_Platform|OWASP O2 Platform]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Passfault|OWASP Passfault]] [[File:Thumbsup.png|15px]]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Security_Ninjas_AppSec_Training_Program OWASP Security Ninjas Appsec Training][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Security_Shepherd|OWASP Security Shepherd]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]][[File:Thumbsup.png|15px]]
  
<br> '''DETECT:<br><br>'''
+
====Documentation [In Progress-Results by February/March 2015]Health Check February 2016]====
  
;[[:Category:OWASP Application Security Verification Standard Project|OWASP Application Security Verification Standard Project]]  
+
* [[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]][[File:Thumbsup.png|15px]]
:The ASVS defines the first internationally-recognized standard for conducting application security assessments. It covers both automated and manual approaches for assessing (verifying) applications using both security testing and code review techniques. (Assessment Criteria v1.0)
+
* [[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_CISO_Survey|OWASP CISO Survey]] [[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Cornucopia|OWASP Cornucopia]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Podcast|OWASP Podcast Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Code Review Project|OWASP Code Review Guide]]  
+
====Contests - Health Check February 2016====
:a project to capture best practices for reviewing code. (Assessment Criteria v1.0)
+
*[[OWASP_University_Challenge|OWASP University Challenge]] [[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Testing Project|OWASP Testing Guide]]  
+
====Code [Reviewed February 2015] Health Check February 2016====
:a project focused on application security testing procedures and checklists (Assessment Criteria v1.0)
+
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Python_Security_Project|OWASP Python Security Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Top Ten Project|OWASP Top Ten Project]]  
+
==Incubator Projects==
:an awareness document that describes the top ten web application security vulnerabilities (Assessment Criteria v1.0)
+
[[File:Incubator_banner.jpg]]
  
<br> '''LIFE CYCLE:<br><br>'''
+
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
  
;[[:Category:OWASP AppSec FAQ Project|OWASP AppSec FAQ Project]]
+
===Thumbs up===
:FAQ covering many application security topics (Assessment Criteria v1.0)
+
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation
  
;[[:Category:OWASP Legal Project|OWASP Legal Project]]
 
:a project focused on providing contract language for acquiring secure software (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Source Code Review OWASP Projects Project|OWASP Source Code Review for OWASP-Projects]]  
+
====Code [Reviewed March 2015 - Health Check February 2016]====
:a workflow for OWASP projects to incorporate static analysis into the Software Development Life Cycle (SDLC). (Assessment Criteria v1.0)
+
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Security_Logging_Project|OWASP Security Logging Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Mth3l3m3nt_Framework_Project|OWASP Mth3l3m3nt Framework Project]][[File:Thumbsup.png|15px]]
 +
* [[WebGoatPHP|OWASP WebGoat PHP Project]]
 +
* [[OWASP_Secure_Headers_Project|OWASP Secure Headers Project]]
  
<br>
+
====Research====
 +
* [[OWASP_WASC_Distributed_Web_Honeypots_Project|OWASP WASC Distributed Web Honeypots Project]][[File:Thumbsup.png|15px]]
  
|}
+
====Tools [Reviewed last: May 2015 - Health Check February 2016]====
 +
* [[Benchmark|OWASP Benchmark]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Wordpress_Vulnerability_Scanner_Project | OWASP Wordpress Vulnerability Scanner]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Threat_Dragon | OWASP Threat Dragon]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Security_Knowledge_Framework#tab=Main | OWASP Security Knowledge Framework]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Droid10_Project|OWASP Droid]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_ZSC_Tool_Project|OWASP ZSC Tool Project]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP_DefectDojo_Project|OWASP DefectDojo Project]]
 +
*[[OWASP_Web_Malware_Scanner_Project|OWASP_Web Malware Scanner Project]]
 +
*[[OWASP_Basic_Expression_%26_Lexicon_Variation_Algorithms_(BELVA)_Project| OWASP Basic Expression Lexicon Variation Algorithms (Belva) Project]]
  
=Beta Status Projects=
+
====Documentation[Review: May 2015 - Health Check February 2016]====
 +
*[[OWASP_Snakes_and_Ladders|OWASP Snakes and Ladders Project]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP Automated Threats to Web Applications]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]][[File:Thumbsup.png|15px]]
 +
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWSP_Application_Security_Program_Quick_Start_Guide_Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_RFP-Criteria|OWASP Request For Proposal]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Web_Mapper_Project|OWASP Web Mapper Project]]
 +
*[[OWASP_Top_10_fuer_Entwickler|OWASP 10 Fuer Entwickler]]
  
*Beta quality projects are complete and ready to use with documentation.  
+
==Educational Initiatives==
*Projects are listed below.
+
====Health Check February 2016====
:<paypal>OWASP Projects</paypal>
+
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]][[File:Thumbsup.png|15px]]
Project and Local Chapter - [https://www.owasp.org/index.php/Donation_Scoreboard available funds]  
+
*[[:Category:OWASP_Education_Project|OWASP Education Project]][[File:Thumbsup.png|15px]]
 +
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Media_Project|OWASP Media Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]][[File:Thumbsup.png|15px]]
 +
*[[OWASP_Online_Academy#tab=Main | OWASP Online Academy]][[File:Thumbsup.png|15px]]
  
{| width="100%"
+
== Low Activity Projects ==
|-
+
[[File:low_activity.jpg]]
! width="50%" | Tools
+
======Low Activity (LABS)[Reviewed July 2015] Health Check February 2016======
! Documentation
+
|- valign="top"
+
|
+
'''PROTECT:<br><br>'''
+
  
;[[:Category:OWASP CSRFGuard Project|OWASP CSRFGuard Project]]  
+
These projects had no releases in at least a year, however have shown to be valuable tools
:a J2EE filter that implements a unique request token to mitigate CSRF attacks (Assessment Criteria v1.0)
+
'''Code [Low Activity]'''  Health Check February 2016
 +
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Encoding Project|OWASP Encoding Project]]  
+
'''Tools Health Check February 2016'''
:a project focused on the development of encoding best practices for web applications. (Assessment Criteria v2.0)
+
*[https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project WebScarab][[File:Thumbsup.png|15px]]
 +
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP OpenSign Server Project|OWASP OpenSign Server Project]]  
+
'''Documentation [Low Activity]'''  '''Health Check February 2016'''
:the purpose of this project would be to build and host a feature-rich server and suite of client utilities with adequate secure hardware to ensure the integrity of code modules. (Assessment Criteria v1.0)
+
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]][[File:Thumbsup.png|15px]]
 +
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]][[File:Thumbsup.png|15px]]
 +
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp|OWASP OpenPGP Extensions for HTTP - Enigform and mod openpgp]]
+
==Donated Projects==
:focus on mod_openpgp and Secure Session Management, presenting a working web-site using this new authentication methodology in such a way that it will attract security professionals and web-developers to this new mix of two good'ol protocols: HTTP and OpenPGP. (Assessment Criteria v1.0)
+
  
;[[Octoms|OWASP - OctoMS PHP Framework]]
+
OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.
:a lightweight PHP Framework built for fast debugging, social coding and rapid application development with security in mind
+
  
 +
====Tools====
  
<br> '''DETECT:<br><br>'''
+
* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]][[File:Thumbsup.png|15px]]
 +
* [[OWASP_JOTP_Project|OWASP jOTP Project]][[File:Thumbsup.png|15px]]
  
;[[:Category:OWASP Access Control Rules Tester Project|OWASP Access Control Rules Tester Project]]
+
==OWASP Archived Projects==
:this project is intended to have two deliverables: research technical report (publication ready article) and an Access Control Rules Tester tool. (Assessment Criteria v1.0)
+
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.
  
;[[:Category:OWASP Code Crawler|OWASP Code Crawler]]
+
'''Added New Project on February 2016'''
:this tool is aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP DirBuster Project|OWASP DirBuster Project]]
+
https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects
:DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Orizon Project|OWASP Orizon Project]]
+
= Former Project Task Force =
:the goal of this project is to develop an extensible code review engine to be used from source code assessment tools. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Pantera Web Assessment Studio Project|OWASP Pantera Web Assessment Studio Project]]
 
:a project focused on combining automated capabilities with complete manual testing to get the best results (Assessment Criteria v1.0)
 
  
;[[ORG (Owasp Report Generator)|OWASP Report Generator]]
+
====OWASP Project Task Force====
:a project giving security professionals a way to report and keep track of their projects (Assessment Criteria v1.0)
+
(The Projects pages are constantly being updated.  Some pages may contain outdated information.  You can help OWASP to keep these pages current by visiting [https://www.owasp.org/index.php/Category:FIXME FixME]) Please contact Claudia Aviles Casanovas with questions using the [https://www.tfaforms.com/308703| contact us form]
  
;[[Owasp SiteGenerator|OWASP Site Generator]]
+
{{:Task_Force/OWASP_Projects}}
:a project allowing users to create dynamic sites for use in training, web application scanner testing, etc... (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Skavenger Project|OWASP Skavenger Project]]
+
= Online Resources =
:is a web application security assessment tool kit that passively analyses traffic logged by various MITM proxies as well as other sources and helps to identify various kinds of possible vulnerabilities. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP SQLiX Project|OWASP SQLiX Project]]
+
===Project Online Resources===
:a project focused on the development of SQLiX, a full perl-based SQL scanner (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Sqlibench Project|OWASP Sqlibench Project]]
+
* [https://docs.google.com/a/owasp.org/spreadsheets/d/13QM6yCqpirNuURbBdB5YZ_30mfQGbLjzBTGx0CTSNWw/edit?usp=sharing|OWASP Open Source Project Resources & Services]
:this is a benchmarking project of automatic sql injectors related to dumping databases. (Assessment Criteria v1.0)
+
  
;[[OWASP Tiger|OWASP Tiger]]
+
Please note that some services are 100% free and some have nominal cost.
:OWASP Tiger is a Windows application originally intended to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
+
{{:Project_Online_Resources}}
:OWASP WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP WSFuzzer Project|OWASP WSFuzzer Project]]
+
= Starting a New Project =
:a project focused on the development of WSFuzzer, a full python-based Web Services SOAP fuzzer (Assessment Criteria v1.0)
+
<font size=2pt>
 +
== So you want to start a project... ==
  
<br> '''LIFE CYCLE:<br><br>'''
+
Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
 +
[[File:HowToStartProjectoWasp.png | 600px | right]]
  
;[[:Category:OWASP Teachable Static Analysis Workbench Project|OWASP Teachable Static Analysis Workbench Project]]
+
Here are some of the guidelines for running a successful OWASP project:
:this project is intended to have two deliverables: research technical report (publication ready article) and a workbench prototype. (Assessment Criteria v1.0)
+
  
|
+
-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)
'''PROTECT:<br><br>'''
+
  
;[[:Category:OWASP AppSensor Project|OWASP AppSensor Project]]
+
-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project
:a framework for detecting and responding to attacks from within the application. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Backend Security Project|OWASP Backend Security Project]]
+
-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on
:this is a new project created to improve and to collect the existant information about the backend security. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Securing WebGoat using ModSecurity Project|OWASP Securing WebGoat using ModSecurity Project]]
+
-Define what kind of project you would like to start. Is it a code, tool or documentation?
:the purpose of this project is to create custom Modsecurity rulesets that will protect WebGoat 5.2 from as many of its vulnerabilities as possible (the goal is 90%) without changing one line of source code. (Assessment Criteria v1.0)
+
  
<br> '''DETECT:<br><br>'''
+
-Communicate through the Project leader mailing list about your idea and get feedback and  meet potential contributors
  
;[[:Category:OWASP Tools Project|OWASP Tools Project]]
+
-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read  documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".  
:The OWASP Tools Project has been created to provide unbiased, practical information and guidance about application security tools that are used to detect vulnerabilities or to protect against vulnerabilities. The goal of this project is to identify any available tools, categorise them and rate them according to a predefind criteria to assess their effectiveness.
+
  
<br> '''LIFE CYCLE:<br><br>'''
+
[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]
  
;[[:Category:OWASP CLASP Project|OWASP CLASP Project]]  
+
Some recommendations on how to start a documentation project
:a project focused on defining process elements that reinforce application security (Assessment Criteria v1.0)
+
[[https://www.owasp.org/index.php/File:Document_Guide_(1).png| Document Guide Project]]
  
;[[:Category:OWASP Education Project|OWASP Education Project]]
+
===Importance of a well thought out Road-map===
:a project to build educational tracks and modules for different audiences. (Assessment Criteria v1.0)
+
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.
  
;[[OWASP Spanish|OWASP Spanish Project]]
 
:first translation effort to make OWASP site and project completely available in Spanish language. (Assessment Criteria v1.0)
 
  
<br>
 
  
|}
+
"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
 +
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"
  
=Alpha Status Projects=
+
* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  
*Alpha quality projects are generally usable but may lack documentation or quality review.
+
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
*Projects are listed below.
+
:<paypal>OWASP Projects</paypal>
+
Project and Local Chapter - [https://www.owasp.org/index.php/Donation_Scoreboard available funds]
+
  
{| width="100%"
+
* Available Grants to consider if you need funding - [[Grants|Click Here]]
|-
+
! width="50%" | Tools
+
! Documentation
+
|- valign="top"
+
|
+
;[[OWASP Academy Portal Project|OWASP Academy Portal Project]]
+
: a Portal to offer academic material in usable blocks, lab's, video's and forum. (Assessment Criteria v2.0)
+
  
;[[:OWASP Alchemist Project|OWASP Alchemist Project]]
+
* You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!
:this project enables a software development team in realization of highly secure and defensible application with built-in defences/controls against security‐related design, coding and implementation flaws. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Application Security Assessment Standards Project|OWASP Application Security Assessment Standards Project]]
+
== '''Creating a New Project''' ==
:The Project’s primary objective is to establish common, consistent methods for application security assessments standards that organizations can use as guidance on what tasks should be completed, how the tasks should be completed and what level of assessment is appropriate based on business requirement.  (Assessment Criteria v2.0)
+
Once you have passed the Project Ideas phase, then you will be ready to start a new project
  
;[[:Category:OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project|OWASP Application Security Tool Benchmarking Environment and Site Generator Refresh Project]]
+
'''[http://www.tfaforms.com/263506 Please submit a new project application here].''''''
:The idea is to split destination web application technology from the three reusable libraries: library of navigational elements, library of vulnerabilities and library of language constructs. (Assessment Criteria v1.0)
+
  
;[[:OWASP ASIDE Project|OWASP ASIDE Project]]
+
'''2016 OWASP Project Process'''
:ASIDE is an abbreviation for Application Security in Integrated Development Environment. It is an EclipseTM Plugin which is a software tool primarily designed to help students write more secure code. (Assessment Criteria v2.0)
+
  
;[[:OWASP Broken Web Applications Project|OWASP Broken Web Applications Project]]
+
'''Existing WORKFLOW''' [https://docs.google.com/viewer?a=v&pid=forums&srcid=MDM4NTc0NDY0NjkwMzEwMTMzMzkBMDIxODM3MDc5ODA4OTMxNjAzNjkBSFlWTDZaTE5Ed0FKATAuMQFvd2FzcC5vcmcBdjI Incubator Project Flow]
:a collection of vulnerable web applications that is distributed on a Virtual Machine. (Assessment Criteria v2.0)
+
  
;[[:OWASP Browser Security ACID Tests Project|OWASP Browser Security ACID Tests Project]]
+
'''Step 1:'''
: (Assessment Criteria v2.0)
+
New Project Leader submits New Project Request Form it is logged in the system and an alert is sent  to the Project Coordinator
  
;[[Classic ASP Security Project|OWASP Classic ASP Security Project]]
+
'''Step 2:'''
:it aims in creating a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. (Assessment Criteria v1.0)
+
New Project Request is received and reviewed by Project Coordinator for complete information .It must contain the following information to qualify as an acceptable submission:
 +
You will need to gather the following information together for your application:
  
;[[:Category:OWASP Content Validation using Java Annotations Project|OWASP Content Validation using Java Annotations Project]]  
+
*Project Name,
:We wish to explore the use of Java annotations for object validation, specifically for content validation. the result will be a framework which should be easy to use with an existing application. (Assessment Criteria v2.0)
+
*Project purpose / overview,
 +
*Project Roadmap,
 +
*Project links (if any) to external sites,
 +
*[[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
 +
*Project Leader name,
 +
*Project Leader email address,
 +
*Project Leader wiki account - the username (you'll need this to edit the wiki),
 +
*Project Contributor(s) (if any) - name email and wiki account (if any),
 +
*Project Main Links (if any).
 +
*==>For Documentation: A table of Contents
 +
*==>For Code: A prototype hosted in an open source repository of your choice.  
  
;[[:Category:OWASP CRM Project|OWASP CRM Project]]
+
'''Step 3:'''
:provides a management system for membership, projects, industry and chapters and users of OWASP projects (Assessment Criteria v1.0)
+
If all information is completed following the minimum criteria for Projects (Code/Tool/documentation), The Project Coordinator notifies the Project Leader that the request has been accepted, and at the same time notifies the Review team that a new project has been submitted, including al the information requested in the project criteria
  
;[[:Category:OWASP Cryttr - Encrypted Twitter Project|OWASP Cryttr - Encrypted Twitter Project]]
+
'''Step 4:'''
:a way to do some encrypted messaging to a group of distributed people with as little overhead as possible. (Assessment Criteria v2.0)
+
Project Coordinator proceeds to create a new Wiki page for the project including all the information sent by the project leader. project coordinator uses one of these project wiki template:
 +
*For Docs: https://www.owasp.org/index.php/OWASP_Documentation_Project_Template
 +
*For Code: https://www.owasp.org/index.php/OWASP_Code_Project_Template
 +
*For Tool:  https://www.owasp.org/index.php/OWASP_Tool_Project_Template
 +
Also Project coordinator creates a mailing list for the project leader and sets him as admin
  
;[[:Category:OWASP CSRFTester Project|OWASP CSRFTester Project]]
+
'''Step 5:'''
:gives developers the ability to test their applications for CSRF flaws (Assessment Criteria v1.0)
+
Project Coordinator notifies project leader and Review team about the created wiki page, providing the link to the wiki page.
 +
*Review team might provide comments for further improvement of the wiki page if necessary
 +
*Project leader should request a wiki account to be able to update his own wiki page afterwards if he has not one yet
  
;[[:OWASP Data Exchange Format Project|OWASP Data Exchange Format Project]]
+
'''Step 6:'''
:to define an open format for exchanging data between pentest tools (Assessment Criteria v2.0)
+
Project coordinator updates the Wiki project inventory, Dashboard and open hub with the information regarding the new created project
  
;[[OWASP ESOP Framework|OWASP ESOP Framework]]
+
'''Step 7:'''
:the purpose of the framework is to provide a security layer to a given web application / web site via web service (Assessment Criteria v2.0)
+
Project is set in the agenda by the Project Coordinator for monitoring over the next 3 months to check how has been developing.
  
;[[:Category:OWASP Encrypted Syndication Project|OWASP Encrypted Syndication Project]]
+
'''Step 8:'''
:complements the OWASP Cryttr - Encrypted Twitter Project and serves other few other front ends that can use Encrypted Syndication Protocol. (Assessment Criteria v2.0)
+
Every 3 months, project co-ordinator monitors the activity on the wiki page for new updates and on the Openhub for commits and level of activity . Findings are then reported on the Dashboard as comments and CC through email to the review team
  
;[[:Category:OWASP EnDe|OWASP EnDe Project]]
+
'''Step 9:'''
:This tool is an encoder, decoder, converter, transformer, calculator, for various codings used in the wild wide web. (Assessment Criteria v1.0)
+
if the project has not been updated and has no activities after six months of creation, project coordinator sends an email to the project leader requesting an update and status to see how has been developing, CC: project review team regarding the lack of activity .Findings are then updated on the dashboard.  
  
;[[ESAPI Swingset|OWASP ESAPI Swingset Project]]
+
'''Step 10:'''
:the ESAPI Swingset is a web application which demonstrates common security vulnerabilities and asks users to secure the application against these vulnerabilities using the ESAPI library. (Assessment Criteria v2.0)
+
Over the next 6 months the project is monitored again for activity. If no updates have occurred since its inception after 12 months, project is then set as inactive and project leader and review team is notified about the status.
 +
Project coordinators updates :
 +
* Wiki page of the project is labeled as 'inactive' (inactive banner)
 +
*The Project is set under the 'inactive category'
 +
*Dashboard is updated with comments and set as inactive
  
;[[:Category:OWASP Favicon Database Project|OWASP Favicon Database Project]]
+
<hr>
:software enumeration via favicon.ico (Assessment Criteria v2.0)
+
  
;[[:OWASP Forward Exploit Tool Project|OWASP Forward Exploit Tool Project]]
+
'''Reference Material'''
:this projects aims to develop a tool to exploit Top 10 2010 - A10 - Unvalidated Forward vulnerability to bypass access control to protected Java application files (config, binary -source code, etc.). It aims also to automate the download of known files in Java Web applications. (Assessment Criteria v2.0)
+
  
;[[:Projects/OWASP GoatDroid Project|OWASP GoatDroid Project]]
+
[https://www.openhub.net/orgs/OWASP Openhub]
:this is the Android equivalent to the iGoat Project and will be a sub component of the Mobile Security Project and closely tied to the Mobile Top 10 Risks and forthcoming body of knowledge. (Assessment Criteria v2.0)
+
  
;[[OWASP Hackademic Challenges Project|OWASP Hackademic Challenges Project]]
+
[https://docs.google.com/spreadsheets/d/1lO8UoQgIFET3MC5v2OVVdtkTe1IbWiJLMnINx6Hm2jE/edit?ts=56a159b7#gid=0 Dashboard]
:this project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective. (Assessment Criteria v2.0)
+
  
;[[OWASP Hatkit Datafiddler Project|OWASP Hatkit Datafiddler Project]]
+
[https://www.owasp.org/index.php/Project_Reviews_Guideline Project Review Guidelines]
:this is a tool for performing advanced analysis of http traffic. (Assessment Criteria v2.0)
+
  
;[[OWASP Hatkit Proxy Project|OWASP Hatkit Proxy Project]]
+
[http://owasp.github.io/ProjectReviews/index.html GITHUB OWASP]
:the Hatkit Proxy is an intercepting http/tcp proxy based on the Owasp Proxy, but with several additions. (Assessment Criteria v2.0)
+
  
;[[:OWASP HTTP Post Tool|OWASP HTTP Post Tool]]
+
[https://docs.google.com/presentation/d/1tGdmgzDGjoHVtHZbV9dqGR2XQVlT8TR1cet-4r0C8RY/edit?ts=56a16be2#slide=id.gee0716e2f_0_1 Projects Slides]
:a tool for the purpose of performing web application security assessment around the availability concerns (Assessment Criteria v2.0)
+
  
;[[OWASP iGoat Project|OWASP iGoat Project]]
+
* Check out the '''[[Guidelines for OWASP Projects]]'''.
:The iGoat project aims to be a developer learning environment for iOS app developers. It was inspired by the OWASP WebGoat project in particular the developer edition of WebGoat (Assessment Criteria v2.0)
+
* [[Grant_Spending_Policy|Grant Spending Policy]]
 +
* [[Project_Spending_Policy|Project Spending Policy]]
 +
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]
  
;[[:Category:OWASP Insecure Web App Project|OWASP Insecure Web App Project]]
+
==OWASP Recommended Licenses==
:a web application that includes common web application vulnerabilities (Assessment Criteria v1.0)
+
  
;[[OWASP Java HTML Sanitizer|OWASP Java HTML Sanitizer]]
+
{{Recommended_Licenses}}
:this is a fast Java-based HTML Sanitizer which provides XSS protection (Assessment Criteria v2.0)
+
  
;[[:OWASP JavaScript Sandboxes|OWASP JavaScript Sandboxes]]
+
==Funding your Project==
:the goal of this project is to produce a simplified version of Javascript by using regular expressions to remove dangerous functionality and then use Javascript itself to evaluate the results. (Assessment Criteria v2.0)
+
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.  
  
;[[:OWASP Java XML Templates Project|OWASP Java XML Templates Project]]
+
== Project Release ==
:JXT is a fast and secure XHTML-compliant template language that runs on a model similar to JSP. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Joomla Vulnerability Scanner Project|OWASP Joomla Vulnerability Scanner Project]]
+
As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:
:a regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution,XSS, DOS,directory traversal vulnerabilities of a target Joomla! web site
+
  
;[[:Category:OWASP JSP Testing Tool Project|OWASP JSP Testing Tool Project]]
+
# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
:the goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. (Assessment Criteria v1.0)
+
# Link to your wiki page.
 +
# Link to your code repository or a link to where readers can download your project.
 +
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.
  
;[[:Category:OWASP LAPSE Project|OWASP LAPSE Project]]
+
==Project Process Forms==
:an Eclipse-based source-code static analysis tool for Java (Assessment Criteria v2.0)
+
These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.  
  
;[[:Category:OWASP Learn About Encoding Project|OWASP Learn About Encoding Project]]  
+
* [http://www.tfaforms.com/264422 Project Transition Application]:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
:this project has as its ultimate goal of demystifying the problems related to the study of character encoding (charset encoding). (Assessment Criteria v1.0)
+
  
;[[OWASP Mantra - Security Framework|OWASP Mantra - Security Framework]]
+
* [http://www.tfaforms.com/264413 Project Review Application]:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.  
: this is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.  
+
  
;[[:Category:OWASP Mutillidae|OWASP Mutillidae Project]]
+
* [http://www.tfaforms.com/264418 Project Donation Application]:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
:a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10
+
  
;[[:OWASP NAXSI Project|OWASP NAXSI Project]]
+
* [http://www.tfaforms.com/264428 Project Adoption Request]:This form is used when someone is interested in adopting an archived project.  
:its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions.  (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP NetBouncer Project|OWASP NetBouncer Project]]
+
* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.
:is secure by default centralised input/output validation library which combines security rules and business rules as well as escaping in the output level. (Assessment Criteria v1.0)
+
  
;[[Opa |Opa]]
+
* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.
:Usher in a new generation of web development tools and methodologies. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Open Review Project|OWASP Open Review Project (ORPRO)]]
+
= Participating in a Project =
:a project to openly check open source libraries and software that are vital to most commercial and non-commercial apps around. (Assessment Criteria v2.0)
+
  
;[[OWASP OVAL Content Project|OWASP OVAL Content Project]]
+
<font size=2pt>
:The purpose of this project is to create OVAL content to enable any OVAL compatible tool find security issues which can be represented in a standard format (Assessment Criteria v2.0)
+
== Joining a Project... ==
  
;[[:OWASP O2 Platform|OWASP O2 Platform]]
+
OWASP projects are community driven and most projects are open for anyone motivated to join.  
:this project is a collection of Open Source modules that help Web Application Security Professionals to maximize their efforts and quickly obtain high visibility into an application's security profile (Assessment Criteria v2.0)
+
  
;[[:OWASP Passw3rd Project|OWASP Passw3rd Project]]
+
The first step is to find a project you are interested to be part of. The list of all projects can be found in the {{#switchtablink:Project_Inventory|Project Inventory}}. Further steps then depend on the status of the project you selected.
: this project stores passwords in encrypted files with an easy to use command line interface, and utilities to use the passwords in code (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP PHP AntiXSS Library Project|OWASP PHP AntiXSS Library Project]]
+
If the project is active, the best way is to join the mailing list and get in touch with the people actively participating. Other ways would be contacting the project leader team or just starting to participate by testing the software, writing blogs or documentation, report issues via tracker or even propose code modifications. In general, the more you show your interest and motivation, the easier it is to find yourself as a member of the team.
:reduce cross-site scripting vulnerabilities by encoding your output (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Python Static Analysis Project|OWASP Python Static Analysis Project]]
+
Some projects are of low activity or even inactive. In this case there is no possibility to join an existing team, but it would rather be a re-boot. If you feel eager to do this, please contact the general OWASP administrators. It is however important that you are sure about the commitment you are about to make.  
:the aim of this project is to provide full language support,other Python frameworks support, analysis improvement, reporting capability, documentation, promotion materials: publication-ready article and presentation (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Proxy|OWASP Proxy Project]]
+
Some things are important:  
:aims to provide a high quality intercepting proxy library which can be used by developers who require this functionality in their own programs, rather than having to develop it all from scratch. (Assessment Criteria v1.0)
+
  
;[[:OWASP Security Tools for Developers Project|OWASP Security Tools for Developers Project]]
+
- Don’t be shy. If you wish to be part of the OWASP initiative, you will find a task that suits your experience and your level of possible time investment.  
:aims to develop a reference implementation of open source tools integrated in an end to end development process. This will likely include a reference architecture, guidance and a reference implementation using open source tools. (Assessment Criteria v2.0)
+
  
;[[:OWASP Secure the Flag Competition Project]]
+
- Baby steps are easier than huge commitments. Just start helping with small tasks and get known by the project team. You will grow into the project in a natural way.
:aims to create a different type of competition that encourages secure coding rather than hacking skills. (Assessment Criteria v2.0)
+
  
;[[OWASP SIMBA Project|OWASP SIMBA Project]]
+
Please read more about the general project workflow on the {{#switchtablink:Starting_a_New_Project|Starting a New Project}} page.
:SIMBA (Security Integration Module for Business Applications) is a User Access Management system that can be integrated with any business application. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Sprajax Project|OWASP Sprajax Project]]
+
== Archives ==
:an open source black box security scanner used to assess the security of AJAX-enabled applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Stinger Project|OWASP Stinger Project]]  
+
[[Projects_Reboot_2012_Homepage|Archive of the 'Project Reboot 2012' page]]
:a project focus on the development of a centralized input validation mechanism which can be easily applied to existing or developmental applications (Assessment Criteria v1.0)
+
  
;[[:OWASP VFW Project|OWASP VFW Project]]
+
= Project Assessments  =
:this project is to mitigate web applications threats using Varnish which is a modern, very flexible and scalable reverse-proxy system which supports VCL, a wonderful domain-specific language to deal with HTTP (Assessment Criteria v2.0)
+
<font size=2pt>
 +
==OWASP Project Lifecycle==
 +
The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.
  
;[[:Category:OWASP Vicnum Project|OWASP Vicnum Project]]
 
:a flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' (Assessment Criteria v2.0)
 
  
;[[OWASP WAF Project|OWASP WAF Project]]
+
====The OWASP Project Lifecycle is broken down into the following stages:====
:the OWASP Web Application Firewall (WAF) Project is a ModSecurity endorsed Port of their Language Specification (Level 1) for Java and .NET based on the contribution to ESAPI-Java by Arshan Dabirsiaghi (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Wapiti Project|OWASP Wapiti Project]]
+
'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.
:the project allows to audit the security by performing "black-box" scans acting like a fuzzer, injecting payloads to see if an application is vulnerable (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Web Application Security Metric using Attack Patterns Project|OWASP Web Application Security Metric using Attack Patterns Project]]
+
'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.  
:the project provides attack pattern database along with prototype model (Assessment Criteria v1.0)
+
  
;[[:OWASP Web Browser Testing System Project|OWASP Web Browser Testing System Project]]
+
'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.
: (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Web 2.0 Project|OWASP Web 2.0 Project]]
+
'''Code Projects''': OWASP code projects are very important for the cyber security solutions. Because these projects are used to find out the application security problems and try to solve those problems.
:a place for advanced research of security in the Web 2.0 world (Assessment Criteria v1.0)
+
  
;[[OWASP Web Testing Environment Project|OWASP Web Testing Environment Project]]
+
== OWASP Project Stage Benefits==
: (Assessment Criteria v2.0)
+
This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.
  
;[[:Category:OWASP WeBekci Project|OWASP WeBekci Project]]
+
'''Incubator'''
:this is web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. (Assessment Criteria v1.0)
+
* Financial Donation Management Assistance
 +
* Project Review Support
 +
* WASPY Awards Nominations
 +
* OWASP OSS and OPT Participation
 +
* Opportunity to submit proposal: $500 for Development.
 +
* Community Engagement and Support
 +
* Recognition and visibility of being associated with the OWASP Brand.
  
;[[:Category:OWASP Webslayer Project|OWASP Webslayer Project]]
+
'''Labs'''
:a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (Assessment Criteria v1.0)
+
* All benefits given to Incubator Projects
 +
* Technical Writing Support
 +
* Graphic Design Support
 +
* Project Promotion Support
 +
* OWASP OSS and OPT: Preference
  
;[[OWASP WebScarab NG Project|OWASP WebScarab NG Project]]
+
'''Flagship'''
:this is a robust tool that assists the user in penetration test. This is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly-  (Assessment Criteria v2.0)
+
* All benefits given to Incubator & Labs Projects
 +
* Grant finding and proposal writing help
 +
* Yearly marketing plan development
 +
* OWASP OSS and OPT participation preference
  
;[[OWASP WhatTheFuzz Project|OWASP WhatTheFuzz Project]]
+
For more detailed information on OWASP Project Stage Benefits, please see the Project Handbook.
:this is an easy to use, easy to get started fuzzer for websites (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Yasca Project|OWASP Yasca Project]]
+
== Project Monitoring Incubator/Documentation ==
:Yasca is a new static analysis tool designed to scan Java, C/C++, JavaScript, .NET, and other source code for security and code-quality issues. Yasca is easily extensible via a plugin-based architecture, so scanning PHP, Ruby, or other languages is as simple as coming up with rules or integrating external tools. (Assessment Criteria v1.0)
+
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
 +
You can set your project active at any time, as long as:
 +
* There has been commits to the project's open repository or
 +
* There has been a beta release of the documentation produced so far or
 +
* Provide a detailed Roadmap
  
|
+
===Importance of a well thought out Roadmap===
;[[:Category:OWASP ASDR Project|OWASP ASDR Project]]
+
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.
:is a reference volume that contains basic information about all the foundational topics in application security (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Application Security Metrics Project|OWASP Application Security Metrics Project]]
 
:identify and provide a set of application security metrics that have been found by contributors to be effective in measuring application security (Assessment Criteria v2.0)
 
  
;[[:OWASP Application Security Program for Manager|OWASP Application Security Program for Manager]]  
+
[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]
:create an OWASP Roadmap for the world wide Companies Type. (Assessment Criteria v2.0)
+
  
;[[:OWASP Application Security Skills Assessment|OWASP Application Security Skills Assessment]]
+
"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
:Help individuals understand their strengths and weaknesses in specific application security skills. (Assessment Criteria v2.0)
+
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"
  
;[[:Category:OWASP AIR Security Project|OWASP AIR Security Project]]
+
==Project Monitoring for LABS/Flagship==
:investigating the security of AIR applications (Assessment Criteria v1.0)
+
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
 +
===For Code and Tools===
 +
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
 +
*Can the project be built correctly?
 +
*Does the project has any activity(commits) in the last 6 months?
 +
*Does the project had any releases in the last 6 months?
 +
*Has the project leaders updated his wiki or website to reflect latest releases?
 +
===For Documentation===
 +
For this part, we are working on the development of an adequate assessment criteria
 +
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]
  
;[[:Category:OWASP AJAX Security Project|OWASP AJAX Security Guide]]
+
== OWASP Project Graduation==
:investigating the security of AJAX enabled applications (Assessment Criteria v1.0)
+
The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
  
;[[:Category:OWASP Anti-Malware Project|OWASP Anti-Malware Project]]
+
The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.
:describing common flaws in security designs (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Application Security Requirements Project|OWASP Application Security Requirements]] (Assessment Criteria v1.0)
+
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]
  
;[[:Category:OWASP Best Practices: Use of Web Application Firewalls|OWASP Best Practices: Use of Web Application Firewalls]]
+
==OWASP Project Health Assessment==
:the document is aimed primarily at technical decision-makers, especially those responsible for operations and security (Assessment Criteria v1.0)
+
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
  
;[[:Category:OWASP Book Cover & Sleeve Design|OWASP Book Cover &amp; Sleeve Design]]
+
==OWASP Project Deliverable/Release Assessment==
:this is a project of corporate design to develop a scalable book cover series strategy and a Book Sleeve. (Assessment Criteria v1.0)
+
The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.  
  
;[[:OWASP Browser Security Project|OWASP Browser Security Project]]
+
Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.  
:To be definied (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Boot Camp Project|OWASP Boot Camp Project]]
+
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Deliverable/Release Assessment Criteria Checklist]
:this project was started to supply a brief information about the OWASP projects. (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Career Development Project|OWASP Career Development Project]]
 
:The OWASP Career Development project is focused on helping application security professionals understand the job market, roles, career paths, and skills to work in the field. (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP Certification Criteria Project|OWASP Certification Criteria Project]]
+
= Brand Resources  =
 +
<font size=2pt>
  
(Assessment Criteria v1.0)
+
==The Brand Usage Rules==
 +
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.
  
;[[:Category:OWASP Certification Project|OWASP Certification Project]]  
+
==Project Icons & Templates==
:our challenge is to create a plan for certification: a set of OWASP Certification for Developers and Testers. (Assessment Criteria v1.0)
+
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.
  
;[[:Cheat Sheets|OWASP Cheat Sheets Project]]
+
(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).
:this project was created to provide a concise collection of high value information on specific security topics. These cheat sheets were created by multiple application security experts and provide excellent security guidance in an easy to read format. (Assessment Criteria v2.0)
+
  
;[[:OWASP Codes of Conduct|OWASP Codes of Conduct]]
+
If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance
:to create and maintain OWASP Codes of Conduct. (Assessment Criteria v2.0)
+
  
;[[:OWASP College Chapters Program|OWASP College Chapters Program]]  
+
'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''
:(Assessment Criteria v2.0)
+
  
;[[OWASP Common Numbering Project|OWASP Common Numbering Project]]  
+
'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''
:a new numbering scheme that will be common across OWASP Guides and References (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP CBT Project|Computer Based Training Project (OWASP CBT Project)]]  
+
[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]
:the goal of this project is to provide computer based training on OWASP security related initiatives. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Communications Project|OWASP Communications Project]]
+
[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]
  
(Assessment Criteria v1.0)
+
[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]
  
;[[:Category:OWASP Cloud ‐ 10 Project|OWASP Cloud ‐ 10 Project]]  
+
[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]
:The goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. (Assessment Criteria v2.0)
+
  
;[[:OWASP Enterprise Application Security Project|OWASP Enterprise Application Security Project]]  
+
===OpenSAMM===
:provides guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications. (Assessment Criteria v2.0)
+
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''
  
;[[:OWASP Exams Project|OWASP Exams Project]]
+
'''Construction:'''
:The OWASP Exams project will establish the model by which the OWASP community can create and distribute CC-licensed exams for use by educators. (Assessment Criteria v2.0)
+
  
;[[:OWASP Fiddler Addons for Security Testing Project|OWASP Fiddler Addons for Security Testing Project]]  
+
[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]]  [[image:Construction olive.png |construction olive|100px]]
:a passive vulnerability scanner and an active XSS testing and input/output encoding detection (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Flash Security Project|OWASP Flash Security Project]]
+
'''Deployment:'''
:investigating the security of Flash applications (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Fuzzing Code Database|OWASP Fuzzing Code Database]]  
+
[[image:Deployment black.png| Deployment black| 100px]]  [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]
:a project to collect, share and compose statements used as code injections like SQL, SSI, XSS, Formatstring and as well directory traversal statements. (Assessment Criteria v1.0)
+
  
;[[:OWASP Hungarian Translation Project|OWASP Hungarian Translation Project]]
+
'''Governance:'''
:we plan to translate OWASP material that we consider fundamental (ASVS, Bulding Guide, Testing Guide, Top 10) first, and move on later. (Assessment Criteria v2.0)
+
  
;[[OWASP German Language Project|OWASP German Language Project]]
+
[[image:Governance black.png| governance black| 100px]]  [[image:Governance blue.png | governance blue | 100px]] [[image:Governance olive.png | governance olive| 100px]]
:(Assessment Criteria v2.0)
+
   
+
;[[:Category:OWASP Individual and Corporate Member Packs plus Conference Attendee Packs Brief|OWASP Member Packs/Conference Attendee Packs]]  
+
:this is a project of corporate design to develop an Individual/Member Pack. (Assessment Criteria v1.0)
+
  
;[[:OWASP Java Project|OWASP Java Project]]
+
'''Verification:'''
:a project focused on helping Java and J2EE developers build secure applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Logging Project|OWASP Logging Guide]]  
+
[[image:Verification black.png | Verification black | 100px]]  [[image:Verification blue.png | verification blue | 100px]] [[image: Verification olive.png | Verification olive | 100px]]
:a project to define best practices for logging and log management (Assessment Criteria v1.0)
+
  
;[[:OWASP Mobile Security Project|OWASP Mobile Security Project]]  
+
==Book Cover Files==
:a project to help the community better understand the risks present in mobile applications, and learn to defend against them. (Assessment Criteria v2.0)
+
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.
  
;[[OWASP Myth Breakers Project|OWASP Myth Breakers Project]]
+
[[Media:Lulu-guide.pdf|Lulu Guide]]
:a project similar to http://dsc.discovery.com/tv/mythbusters but for appsec, urban legends and assumptions regarding appsec will be tested and there'll be a set of examples that will prove the correctness/uncorrectness of a statement realted to the question. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP on the Move Project|OWASP on The Move Project]]  
+
'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
:a project offering OWASP sponsorship for OWASP (related) speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)
+
{|
 +
|-
 +
! width="500" align="center" | <br>
 +
! width="300" align="center" | <br>
 +
|-
 +
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]
 +
| align="center" |
  
;[[:Category:OWASP PCI Project|OWASP PCI Project]]
+
|}
:a project to build and maintain community concensus for managing regulatory risk of web applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP PHP Project|OWASP PHP Project]]
+
= Terminology =
:a project focused on helping PHP developers build secure applications (Assessment Criteria v1.0)
+
<font size=2pt>
 +
== OWASP Project Infrastructure ==
  
;[[:OWASP Portuguese Language Project|OWASP Portuguese Language Project]]
 
:a project aiming to coordinate and push foward the iniciatives developed to translate OWASP materials to Portuguese. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Positive Security Project|OWASP Positive Security Project]]
+
*'''OWASP Project Lifecycle:''' The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.
:a project to learn how companies are working to create a positive security approach on their own resources and use this knowledge to create a set of control, marketing and awareness tools that will be available to promote and construct a positive approach to security worldwide (Assessment Criteria v1.0)
+
  
;[[OWASP RFP-Criteria|OWASP Request for Proposal]]
 
:a project that is intended to provide a list of questions to consider when seeking a dynamic application security service provider. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP SASAP Project|OWASP Scholastic Application Security Assessment Project]]
+
*'''Incubator Project:''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
:a project that is intended to be the first step towards integrating security requirements in academic course curriculum (Assessment Criteria v1.0)
+
  
;[[:OWASP Secure Password Project|OWASP Secure Password Project]]
 
:a project that will have a two pronged approach designed to put more nails in the single-factor method of authentication (Assessment Criteria v2.0)
 
  
;[[:OWASP Secure Web Application Framework Manifesto]]
+
*'''Labs Project:''' OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
:this project is a document detailing a specific set of security requirements for developers of web application frameworks to adhere to. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Security Analysis of Core J2EE Design Patterns Project|OWASP Security Analysis of Core J2EE Design Patterns Project]]
 
:a to be a design-time security reference for developers implementing common patterns independent of specific platforms and frameworks (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Security Assurance Testing of Virtual Worlds Project|OWASP Security Assurance Testing of Virtual Worlds Project]]
+
*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.  
:a testing framework specific to Virtual World related applications (MMORGs) and environments (Assessment Criteria v2.0)
+
  
;[[:OWASP Security Baseline Project|OWASP Security Baseline Project]]
 
:aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Security Spending Benchmarks|OWASP Security Spending Benchmarks]]
 
:provides insight to reduce operational appsec costs (Assessment Criteria v1.0)
 
  
;[[:Category:Software Assurance Maturity Model|Software Assurance Maturity Model (SAMM)]]
+
*'''Project Benefits:''' The standard list of resources and incentives made available to project leaders based on their project's current maturity level.  
:this project is committed to building a usable framework to help organizations formulate and implement a strategy for application security that's tailored to the specific business risks facing the organization.
+
  
;[[OWASP Software Security Assurance Process|OWASP Software Security Assurance Process]]
 
:To outlines mandatory and recommended processes and practices to manage risks associated with applications. Should be the framework to map Requirements, Dev and Testing guidelines for example.  (Assessment Criteria v2.0)
 
  
;[[OWASP Threat Modelling Project|OWASP Threat Modelling Project]]
 
:(Assessment Criteria v2.0)
 
  
;[[OWASP Uniform Reporting Guidelines|OWASP Uniform Reporting Guidelines]]
+
== OWASP Project Reviews ==
:this project will complement the OWASP testing guide as well as the OWASP RFP Template. This is going to be a reporting template for vulnerability findings which will be free, base on industry best practices and hopefully will become the defacto standard. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Validation Project|OWASP Validation Project]]
 
:a project that provides guidance and tools related to validation (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP WASS Project|OWASP WASS Guide]]
+
*'''Project Reviews:''' Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.  
:a standards project to develop more concrete criteria for secure applications (Assessment Criteria v1.0)
+
  
;[[:Category:OWASP Web Application Scanner Specification Project|OWASP Web Application Scanner Specification Project]]
 
:there will always be a "gap" between the types of attacks that can be performed and those which can be found by an automated scanner. This project will attempt to outline some of those shortcomings and offer a plan for comparing and/or building web application vulnerability scanners. (Assessment Criteria v1.0)
 
  
;[[OWASP Web Application Security Accessibility Project|OWASP Web Application Security Accessibility Project]]
+
*'''Project Reviewer Pool:''' The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.  
:this project will focus extensively on the issue of web application security accessibility. (Assessment Criteria v2.0)
+
  
;[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
 
:real-world web application security for Ruby on Rails, Apache and MySQL (Assessment Criteria v1.0)
 
  
;[[:Category:OWASP XML Security Gateway Evaluation Criteria Project|OWASP XML Security Gateway Evaluation Criteria]]
+
*'''Project Graduation:''' The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
:a project to define evaluation criteria for XML Security Gateways (Assessment Criteria v1.0)
+
  
;[[Security Ecosystem Project|OWASP Security Ecosystem Project]]
 
:nobody (and no company) can build secure software by themselves. We have seen that vulnerability research can help to drive security forward in companies, but it’s a painful process. We envision a partnership between technology platform vendors and a thriving ecosystem focused on the security of their technology. (Assessment Criteria v2.0)
 
  
;[[:Category:OWASP Speakers Project|OWASP Speakers Project]]
+
*'''Project Health Assessment:''' The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE#gid=1 Project Health Assessment Criteria Document].
:a project to match offer and demand regarding OWASP (related) presentations by speakers on web application security events or chapter meetings. (Assessment Criteria v1.0)
+
  
|}
 
  
=Inactive Projects=
+
*'''Project Release:''' A project release refers to the final deliverable a project produces. It is the final product of the project.
  
*Inactive projects are unrated projects (projects that have not reached any one of Alpha, Beta, or Release status) which may have been abandoned. Efforts are being made to contact project leads to determine status and plans for future work.
 
*Projects are listed below.
 
:<paypal>OWASP Projects</paypal>
 
Project and Local Chapter - [https://www.owasp.org/index.php/Donation_Scoreboard available funds]
 
  
{| width="100%"
+
*'''Project Deliverable/Release Review:''' The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.
|-
+
! width="50%" | Tools
+
! Documentation
+
|- valign="top"
+
|
+
;[[:Category:OWASP CAL9000 Project|OWASP CAL9000 Project]]
+
:a JavaScript based web application security testing suite
+
  
;[[:Category:OWASP Google Hacking Project|OWASP Google Hacking Project]]
 
:Google SOAP Search API with Perl
 
  
;[[:Category:OWASP Interceptor Project|OWASP Interceptor Project]]
 
:A testing tool for XML web service and Ajax interfaces.
 
  
;[[:Category:OWASP LiveCD Education Project|OWASP Live CD Education Project]]
+
== OWASP Projects Processes ==
:an educational supplement project containing tutorials, challenges and videos detailing the use of tools contained within the OWASP LiveCD - LabRat. This project was sponsored by [[OWASP Spring Of Code 2007|OWASP Spring Of Code 2007]] and [http://www.securitydistro.com/ Security Distro] (Assessment Criteria v1.0)
+
  
|
+
*'''Project Processes:''' The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.
;[[:OWASP Corporate Application Security Rating Guide|OWASP Corporate Application Security Rating Guide]]
+
:This project will organize and structure publicly available data that large companies will share of the lessons learned about how to organize an application security initiative, best practices for training and testing, and more.
+
  
;[[:Category:OWASP Source Code Flaws Top 10 Project|OWASP Source Code Flaws Top 10 Project]]
 
:a project that is a sort of Top 10 of flaw categories that can be used to match vulnerabilities found during a code review (Assessment Criteria v1.0)
 
  
|}
+
*'''Project Inception Process:''' The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.
 +
 
 +
 
 +
*'''Project Donation Process:''' The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.
 +
 
 +
 
 +
*'''Project Transition Process:''' The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.
 +
 
 +
 
 +
*'''Project Abandonment Process:''' The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.
 +
 
 +
 
 +
*'''Incubator Graduation Process:''' The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.
 +
 
 +
 
 +
== Projects at Conferences ==
 +
 
 +
*'''AppSec Conferences:''' OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.
 +
 
 +
 
 +
*'''Open Source Showcase:''' The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.
 +
 
 +
 
 +
*'''OWASP Project Track:''' The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.
 +
 
 +
 
 +
== OWASP Projects General == 
 +
 
 +
*'''OWASP Code of Ethics:''' The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics OWASP About page].
 +
 
 +
 
 +
= Sponsorships and Donations  =
 +
<font size=2pt>
 +
 
 +
==Donate to OWASP Global Projects ==
 +
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.
 +
 
 +
'''This is how your money can help:'''
 +
 
 +
* $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
 +
* $100 could help fund OWASP project demos at major conferences.
 +
* $250 could help get our volunteer Project Leaders to speaking engagements.
 +
 
 +
 
 +
[[Image:Donate_Button.jpg | link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
 +
 
 +
 
 +
 
 +
= Contact US  =
 +
<font size=2pt>
 +
 
 +
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
 +
</font>
 +
 
 +
= Project Review Volunteer Board =
 +
<font size=3pt>
 +
 
 +
 
 +
CURRENTLY ALL PROJECT REVIEWS ARE HALTED UNTIL FURTHER NOTICE -
 +
Please contact Claudia Aviles Casanovas with questions using the [https://www.tfaforms.com/308703| contact us form]
 +
 
 +
 
 +
'''Volunteer to do a Technical Project Reviews!'''
 +
 
 +
'''Listed below are OWASP Project that need your help and technical expertise to graduate to the next level.
 +
'''
 +
 
 +
[http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing VOLUNTEERS NEEDED TO REVIEW A PROJECT!]
 +
 
 +
[http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tflX Review a Tool Project]
 +
 
 +
[http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing?campaignid=701U0000000tfn4 Review a Code Project]
 +
 
 +
W
  
<headertabs />
 
  
{{PutInCategory}}
+
</font>
 +
<headertabs />

Latest revision as of 08:06, 27 April 2016



OWASP Project Header.jpg
[edit]

Welcome to the OWASP Global Projects Page

(The Projects pages are constantly being updated. Some pages may contain outdated information. You can help OWASP to keep these pages current by visiting FixME) Please contact Claudia Aviles Casanovas with questions using the contact us form

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has 'over '89' active projects', and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page. A summary of recent project announcements is available on the OWASP Updates page.

Download the OWASP Project Handbook 2014 - 2016 Project handbook updates are in progres, Contact US to join the collobration team and improve the process

OWASP Project Handbook Wiki 2014

Project Online Resources

Who Should Start an OWASP Project?

  • Application Developers.
  • Software Architects.
  • Information Security Authors.
  • Those who would like the support of a world wide professional community to develop or test an idea.
  • Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

Contact Us

If you have any questions, please do not hesitate to Contact Us by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.

Fund Details

Please see additional OWASP PROJECT FUNDING for 2016

https://www.owasp.org/index.php/OWASP_Board_Votes

OWASP Project Inventory

All OWASP tools, document, and code library projects are organized into the following categories:

  • Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
  • Lab Projects: OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
  • Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

Social Media

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our "Contact Us" form found above.

Blogger-32x32.png Twitter-32x32.png Facebook-32x32.png Linkedin-32x32.png Google-32x32.png Ning-32x32.png

(The Projects pages are constantly being updated. Some pages may contain outdated information. You can help OWASP to keep these pages current by visiting FixME) Please contact Claudia Aviles Casanovas with questions using the contact us form

Quick Guide to Projects

Quick Guide for Developers

This is a Quick Guide for Developers new to OWASP projects:

Infographic containing Hyperlinks to projects: https://magic.piktochart.com/output/6400107-untitled-infographic

Downloadable Images: File:Owasp Dev Guide.pdf

Flagship Projects

Flagship banner.jpg

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole. After a major review process [More info here] the following projects are considered to be flagship candidate projects. These project have been evaluated more deeply to confirm their flagship status:

Tools [Reviewed September 2014 - Health Check February 2016]

Code [Reviewed November 2014 - Health Check February 2016]

Documentation[Reviewed February 2015 - Health Check February 2016]

Labs Projects

Lab banner.jpg

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

Thumbs up

Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

Tools [Reviewed February 2015]Health Check February 2016]

Documentation [In Progress-Results by February/March 2015]Health Check February 2016]

Contests - Health Check February 2016

Code [Reviewed February 2015] Health Check February 2016

Incubator Projects

Incubator banner.jpg

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

Thumbs up

Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation


Code [Reviewed March 2015 - Health Check February 2016]

Research

Tools [Reviewed last: May 2015 - Health Check February 2016]

Documentation[Review: May 2015 - Health Check February 2016]

Educational Initiatives

Health Check February 2016

Low Activity Projects

Low activity.jpg

Low Activity (LABS)[Reviewed July 2015] Health Check February 2016

These projects had no releases in at least a year, however have shown to be valuable tools Code [Low Activity] Health Check February 2016

Tools Health Check February 2016

Documentation [Low Activity] Health Check February 2016

Donated Projects

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

Tools

OWASP Archived Projects

OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

Added New Project on February 2016

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

OWASP Project Task Force

(The Projects pages are constantly being updated. Some pages may contain outdated information. You can help OWASP to keep these pages current by visiting FixME) Please contact Claudia Aviles Casanovas with questions using the contact us form

This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list

Project Online Resources

Please note that some services are 100% free and some have nominal cost.

This page is for OWASP project leaders and details some of the online services that have been found to be useful for OWASP projects.

How to Run a Successful Open Source Project

http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf

Openhub (formerly known as Ohloh)

OWASP is a registered Organisation on Openduck, a free, public directory of Free and Open Source Software and the contributors who create and maintain it.

If you manage an OWASP project you should:

  • Register yourself on Openhub
  • Make sure your project is registered on Openduck- you can add it yourself if it is not
  • Register yourself as the manager
  • Check that the settings are correct, especially the repositories
  • Make sure it belongs to the OWASP organisation - Contact OWASP or Simon Bennetts if it is not
  • Claim all of your contributions to open source projects
  • Consider including Openhub Widgets on your project homepage or wiki
  • Help other OWASP projects by flagging and rating the ones you use

Other Free Services

These are all free to open source projects.

Other Paid For Services

Open for Suggestions and depending on your project budget and/or *Community Engagement Funding.

  • Please note: Th cost may be covered by the Community Engagement Funding up to $500 if it meets the policy requirements.
 If it is more than $500 or outside policy guidelines, it would require special approval by our Executive Director.

So you want to start a project...

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.

HowToStartProjectoWasp.png

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the Project Ideas Board.This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "How to start /run a successful Open Source Projects".

RoadmapIncubatorProjectExample2.PNG

Some recommendations on how to start a documentation project [Document Guide Project]

Importance of a well thought out Road-map

Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.


"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers." Extracted from : "[10 Tips for Creating an Agile Product Roadmap]"

  • Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  • You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  • Available Grants to consider if you need funding - Click Here
  • You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a New Project

Once you have passed the Project Ideas phase, then you will be ready to start a new project

Please submit a new project application here.'

2016 OWASP Project Process

Existing WORKFLOW Incubator Project Flow

Step 1: New Project Leader submits New Project Request Form it is logged in the system and an alert is sent to the Project Coordinator

Step 2: New Project Request is received and reviewed by Project Coordinator for complete information .It must contain the following information to qualify as an acceptable submission: You will need to gather the following information together for your application:

  • Project Name,
  • Project purpose / overview,
  • Project Roadmap,
  • Project links (if any) to external sites,
  • [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
  • Project Leader name,
  • Project Leader email address,
  • Project Leader wiki account - the username (you'll need this to edit the wiki),
  • Project Contributor(s) (if any) - name email and wiki account (if any),
  • Project Main Links (if any).
  • ==>For Documentation: A table of Contents
  • ==>For Code: A prototype hosted in an open source repository of your choice.

Step 3: If all information is completed following the minimum criteria for Projects (Code/Tool/documentation), The Project Coordinator notifies the Project Leader that the request has been accepted, and at the same time notifies the Review team that a new project has been submitted, including al the information requested in the project criteria

Step 4: Project Coordinator proceeds to create a new Wiki page for the project including all the information sent by the project leader. project coordinator uses one of these project wiki template:

Also Project coordinator creates a mailing list for the project leader and sets him as admin

Step 5: Project Coordinator notifies project leader and Review team about the created wiki page, providing the link to the wiki page.

  • Review team might provide comments for further improvement of the wiki page if necessary
  • Project leader should request a wiki account to be able to update his own wiki page afterwards if he has not one yet

Step 6: Project coordinator updates the Wiki project inventory, Dashboard and open hub with the information regarding the new created project

Step 7: Project is set in the agenda by the Project Coordinator for monitoring over the next 3 months to check how has been developing.

Step 8: Every 3 months, project co-ordinator monitors the activity on the wiki page for new updates and on the Openhub for commits and level of activity . Findings are then reported on the Dashboard as comments and CC through email to the review team

Step 9: if the project has not been updated and has no activities after six months of creation, project coordinator sends an email to the project leader requesting an update and status to see how has been developing, CC: project review team regarding the lack of activity .Findings are then updated on the dashboard.

Step 10: Over the next 6 months the project is monitored again for activity. If no updates have occurred since its inception after 12 months, project is then set as inactive and project leader and review team is notified about the status. Project coordinators updates :

  • Wiki page of the project is labeled as 'inactive' (inactive banner)
  • The Project is set under the 'inactive category'
  • Dashboard is updated with comments and set as inactive

Reference Material

Openhub

Dashboard

Project Review Guidelines

GITHUB OWASP

Projects Slides

OWASP Recommended Licenses

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
ToolProject
(Non-WebBased)
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
(WebBased)
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)


Funding your Project

An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

Project Release

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

  1. Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
  2. Link to your wiki page.
  3. Link to your code repository or a link to where readers can download your project.
  4. Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

Project Process Forms

These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

  • Project Transition Application:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
  • Project Review Application:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.
  • Project Donation Application:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
  • Project Abandonment Request:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

Joining a Project...

OWASP projects are community driven and most projects are open for anyone motivated to join.

The first step is to find a project you are interested to be part of. The list of all projects can be found in the Project Inventory. Further steps then depend on the status of the project you selected.

If the project is active, the best way is to join the mailing list and get in touch with the people actively participating. Other ways would be contacting the project leader team or just starting to participate by testing the software, writing blogs or documentation, report issues via tracker or even propose code modifications. In general, the more you show your interest and motivation, the easier it is to find yourself as a member of the team.

Some projects are of low activity or even inactive. In this case there is no possibility to join an existing team, but it would rather be a re-boot. If you feel eager to do this, please contact the general OWASP administrators. It is however important that you are sure about the commitment you are about to make.

Some things are important:

- Don’t be shy. If you wish to be part of the OWASP initiative, you will find a task that suits your experience and your level of possible time investment.

- Baby steps are easier than huge commitments. Just start helping with small tasks and get known by the project team. You will grow into the project in a natural way.

Please read more about the general project workflow on the Starting a New Project page.

Archives

Archive of the 'Project Reboot 2012' page

OWASP Project Lifecycle

The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.


The OWASP Project Lifecycle is broken down into the following stages:

Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

Lab Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

Code Projects: OWASP code projects are very important for the cyber security solutions. Because these projects are used to find out the application security problems and try to solve those problems.

OWASP Project Stage Benefits

This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

Incubator

  • Financial Donation Management Assistance
  • Project Review Support
  • WASPY Awards Nominations
  • OWASP OSS and OPT Participation
  • Opportunity to submit proposal: $500 for Development.
  • Community Engagement and Support
  • Recognition and visibility of being associated with the OWASP Brand.

Labs

  • All benefits given to Incubator Projects
  • Technical Writing Support
  • Graphic Design Support
  • Project Promotion Support
  • OWASP OSS and OPT: Preference

Flagship

  • All benefits given to Incubator & Labs Projects
  • Grant finding and proposal writing help
  • Yearly marketing plan development
  • OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the Project Handbook.

Project Monitoring Incubator/Documentation

Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive. You can set your project active at any time, as long as:

  • There has been commits to the project's open repository or
  • There has been a beta release of the documentation produced so far or
  • Provide a detailed Roadmap

Importance of a well thought out Roadmap

Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.


RoadmapIncubatorProjectExample2.PNG

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers." Extracted from : "[10 Tips for Creating an Agile Product Roadmap]"

Project Monitoring for LABS/Flagship

These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.

For Code and Tools

For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:

  • Can the project be built correctly?
  • Does the project has any activity(commits) in the last 6 months?
  • Does the project had any releases in the last 6 months?
  • Has the project leaders updated his wiki or website to reflect latest releases?

For Documentation

For this part, we are working on the development of an adequate assessment criteria The following is a draft of the new process proposal: [Proposal for Reviewing OWASP Document projects]

OWASP Project Graduation

The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

OWASP Project Health Assessment

The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

OWASP Project Deliverable/Release Assessment

The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.


The Brand Usage Rules

See OWASP's The Brand Usage Rules for details.

Project Icons & Templates

See OWASP'S Project Icons & Templates for details.

(Following links and images are provided for a quick overview only, the primary page is Project Icons & Templates).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

OWASP Operational Wiki Template

OWASP Example Template: DO NOT EDIT

Owasp logo

Owasp logo Owasp logo 1c

Owasp logo Owasp logo Owasp logo Owasp logo

Owasp logo rev icon Owasp logo flat Owasp logo icon

OpenSAMM

OpenSAMM Icons

Construction:

Construction black Construction blue construction olive

Deployment:

Deployment black Deployment blue Deployment olive

Governance:

governance black governance blue governance olive

Verification:

Verification black verification blue Verification olive

Book Cover Files

See OWASP's Project Icons & Templates for details.

Lulu Guide

Download the Book Cover Zip File



BookImage 01.jpg

OWASP Project Infrastructure

  • OWASP Project Lifecycle: The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.


  • Incubator Project: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.


  • Labs Project: OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.


  • Flagship Project: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.


  • Project Benefits: The standard list of resources and incentives made available to project leaders based on their project's current maturity level.


OWASP Project Reviews

  • Project Reviews: Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.


  • Project Reviewer Pool: The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.


  • Project Graduation: The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


  • Project Health Assessment: The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document.


  • Project Release: A project release refers to the final deliverable a project produces. It is the final product of the project.


  • Project Deliverable/Release Review: The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.


OWASP Projects Processes

  • Project Processes: The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.


  • Project Inception Process: The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.


  • Project Donation Process: The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.


  • Project Transition Process: The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.


  • Project Abandonment Process: The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.


  • Incubator Graduation Process: The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


Projects at Conferences

  • AppSec Conferences: OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.


  • Open Source Showcase: The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.


  • OWASP Project Track: The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.


OWASP Projects General

  • OWASP Code of Ethics: The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the OWASP About page.


OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:

  • $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
  • $100 could help fund OWASP project demos at major conferences.
  • $250 could help get our volunteer Project Leaders to speaking engagements.


Donate Button.jpg


If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to Contact Us.


CURRENTLY ALL PROJECT REVIEWS ARE HALTED UNTIL FURTHER NOTICE - Please contact Claudia Aviles Casanovas with questions using the contact us form


Volunteer to do a Technical Project Reviews!

Listed below are OWASP Project that need your help and technical expertise to graduate to the next level.

VOLUNTEERS NEEDED TO REVIEW A PROJECT!

Review a Tool Project

Review a Code Project

W


Subcategories

This category has the following 135 subcategories, out of 135 total.

A

B

C

D

E

F

G

H

I

J

L

M

N

O

O cont.

P

R

S

T

V

W

X

Y

Pages in category "OWASP Project"

The following 200 pages are in this category, out of 345 total.

(previous 200) (next 200)

 

A

B

C

D

E

F

G

H

I

J

K

M

M cont.

N

O

O cont.

(previous 200) (next 200)