Difference between revisions of "Category:OWASP Project"

From OWASP
Jump to: navigation, search
(Tools [Reviewed February 2015])
 
(727 intermediate revisions by 17 users not shown)
Line 5: Line 5:
 
! width="500" align="center" | <br>
 
! width="500" align="center" | <br>
 
|-
 
|-
| align="center" | [[Image:NEW-PROJECTS-BANNER.jpg|950px| link=https://www.owasp.org/index.php/Category:OWASP_Project]]
+
|
| align="center" |  
+
| align="right" |  
  
 
|}
 
|}
  
 +
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
= Welcome  =
 
= Welcome  =
 
{| style="width: 100%;"
 
{| style="width: 100%;"
Line 21: Line 22:
 
=== Welcome to the OWASP Global Projects Page ===
 
=== Welcome to the OWASP Global Projects Page ===
  
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 148 active projects, and new project applications are submitted every week.   
+
An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.   
  
 
This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.  
 
This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the [http://lists.owasp.org/mailman/listinfo OWASP Project Mailing Lists] page. A summary of recent project announcements is available on the [[OWASP Updates]] page.  
  
'''[https://www.owasp.org/images/6/6a/OWASP_Projects_Handbook_2013.pdf Download the OWASP Projects Handbook 2013]'''
+
Download the '''[[Media:PROJECT_LEADER-HANDBOOK_2014.pdf|OWASP Project Handbook 2014]]'''
  
=== OWASP Project Inventory ===
+
'''[[OWASP_2014_Project_Handbook|OWASP Project Handbook Wiki 2014]]'''
  
All OWASP tools, document, and code library projects are organized into the following categories:  
+
Download the '''[[Media:OWASP_Projects_Handbook_2013.pdf|OWASP Projects Handbook 2013]]'''
  
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Incubator_Projects Incubator Projects:]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
+
'''[[Project_Online_Resources|Project Online Resources]]'''
 
+
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Labs_Projects Lab Projects:]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
+
 
+
* '''[https://www.owasp.org/index.php/OWASP_Project_Inventory#Flagship_Projects Flagship Projects:]''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole.
+
  
 
=== Who Should Start an OWASP Project? ===
 
=== Who Should Start an OWASP Project? ===
Line 47: Line 44:
 
=== Contact Us===
 
=== Contact Us===
  
If you have any questions, please do not hesitate to contact the [http://owasp4.owasp.org/contactus.html OWASP Projects Manager, Samantha Groves] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.  
+
If you have any questions, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us] by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.
 +
 
 +
 
 +
=== Fund Details ===
 +
 
 +
* [https://www.owasp.org/images/c/c1/20150824_-_US_Project_Funds.pdf Project Transactions - US (Amount shown in USD)]
 +
* [https://www.owasp.org/images/d/db/20150824_-_EU_Project_Funds.pdf Project Transactions - EU (Amount shown in Euros)]
 +
 
 +
=== OWASP Project Inventory ===
 +
 
 +
All OWASP tools, document, and code library projects are organized into the following [[OWASP_Project_Stages|categories:]]
 +
 
 +
* '''[[OWASP_Project_Inventory#Flagship_Projects|Flagship Projects:]]''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
 +
 
 +
* '''[[OWASP_Project_Inventory#Labs_Projects|Lab Projects:]]''' OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
 +
 
 +
* '''[[OWASP_Project_Inventory#Incubator_Projects|Incubator Projects:]]''' OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.
  
 
=== Social Media ===
 
=== Social Media ===
  
We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGR5QXFWYThiOHZNSldCdkFIMW9kNXc6MQ "Contact Us"] form found above.   
+
We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our [http://www.tfaforms.com/308703 "Contact Us"] form found above.   
  
 
[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]
 
[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]
 
+
<!-- Twitter Box -->
 
</font>
 
</font>
  
<!-- Mediawiki needs all these spaces -->
+
|}
  
<br>  
+
| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" | 
 +
<div style="padding:2em;padding-bottom:0px;"><!-- DON'T REMOVE ME, I'M STRUCTURAL; also 2 empty lines between images -->
  
 +
 +
[[Image:New_initiatives.png|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]
 +
 +
 +
[[Image:Donate_here_banner.png|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
 +
</div>
 +
 +
{|
 +
 +
 +
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 
|}
 
|}
  
<!-- Twitter Box -->  
+
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
 +
|}
 +
<!-- End Banner -->  
  
| style="border: 3px solid rgb(204, 204, 204); vertical-align: top; width: 95%; font-size: 95%; color: rgb(0, 0, 0);" | <!-- DON'T REMOVE ME, I'M STRUCTURAL -->
+
= Project Inventory =
<!-- There be dragons here -->
+
<font size=2pt>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [[Image:Projects_Front_Page_Graphic3.jpg|center|300px| link=https://www.owasp.org/index.php/OWASP_Mobile_Security_Project]]
+
  
 +
==Quick Guide to Projects==
  
 +
===Quick Guide for Developers===
  
 +
This is a Quick Guide for Developers new to OWASP projects:
  
[[Image:AppSec USA.jpg|center|300px| link=http://www.appsecusa.org/]]
+
Infographic containing Hyperlinks to projects:
 +
https://magic.piktochart.com/output/6400107-untitled-infographic
  
 +
Downloadable Images:
 +
[[File:Owasp_Dev_Guide.pdf ]]
  
 +
==Flagship Projects==
 +
[[File:Flagship_banner.jpg]]
  
 +
The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
 +
After a major review process [[https://www.owasp.org/index.php/LAB_Projects_Code_Analysis_Report More info here]] the following projects are considered to be flagship candidate projects. These project have been evaluated more deeply to confirm their flagship status:
  
 +
====Tools [Reviewed September 2014]====
  
[[Image:Projects_Banner_3.jpg|center|300px| link=http://owasp.force.com/volunteers/GW_Volunteers__VolunteersJobListing]]  
+
* [[OWASP_Zed_Attack_Proxy_Project|OWASP Zed Attack Proxy]]
 +
* [[OWASP_Web_Testing_Environment_Project|OWASP Web Testing Environment Project]]
 +
* [[OWASP_OWTF|OWASP OWTF]]
 +
* [[OWASP_Dependency_Check|OWASP Dependency Check]]
  
 +
====Code [Reviewed November 2014]====
 +
* [[:Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]]
 +
* [[:Category:OWASP_CSRFGuard_Project|OWASP CSRFGuard Project]]
 +
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
  
 +
====Documentation[Reviewed February 2015] in progress====
 +
* [[:Category:OWASP_Application_Security_Verification_Standard_Project|OWASP Application Security Verification Standard Project]]
 +
* [[:Category:Software_Assurance_Maturity_Model|OWASP Software Assurance Maturity Model (SAMM)]]
 +
* [[OWASP_AppSensor_Project|OWASP AppSensor Project]]
 +
* [[:Category:OWASP_Top_Ten_Project|OWASP Top Ten Project]]
 +
* [[OWASP_Testing_Project|OWASP Testing Guide Project]]
  
 +
==Labs Projects==
 +
[[File:Lab banner.jpg]]
  
 +
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
  
[[Image:Projects_Front_Page_Donation.jpg|center|300px| link=http://www.regonline.com/Register/Checkin.aspx?EventID=1044369]]
+
===Thumbs up===
 +
Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship
  
{|
+
====Tools [Reviewed February 2015]====
+
* [[O-Saft|O-Saft]]
 +
* [[OWASP_Dependency_Track_Project|OWASP Dependency Track Project]]
 +
* [[:Category:OWASP_EnDe|OWASP EnDe Project]]
 +
* [[OWASP_Hackademic_Challenges_Project|OWASP Hackademic Challenges Project]]
 +
* [[OWASP_Mantra_-_Security_Framework|OWASP Mantra Security Framework]]
 +
* [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]]
 +
* [[OWASP_O2_Platform|OWASP O2 Platform]]
 +
* [[OWASP_Passfault|OWASP Passfault]]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Security_Ninjas_AppSec_Training_Program OWASP Security Ninjas Appsec Training]
 +
* [[OWASP_Security_Shepherd|OWASP Security Shepherd]]
 +
* [[:Category:OWASP WebGoat Project|OWASP WebGoat Project]]
 +
* [[OWASP_Xenotix_XSS_Exploit_Framework|OWASP Xenotix XSS Exploit Framework]]
 +
* [[OWASP_iMAS_iOS_Mobile_Application_Security_Project|OWASP iMAS - iOS Mobile Application Security Project]]
 +
* [[OWASP_Code_Pulse_Project|OWASP Code Pulse Project]]
  
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |
+
====Documentation [In Progress-Results by February/March 2015] ====
|}
+
  
| style="width: 110px; font-size: 95%; color: rgb(0, 0, 0);" |  
+
* [[OWASP_Application_Security_Guide_For_CISOs_Project|OWASP Application Security Guide For CISOs]]
|}
+
* [[Cheat_Sheets|OWASP Cheat Sheets Project]] [[File:Thumbsup.png|15px]]
<!-- End Banner -->
+
* [[OWASP_CISO_Survey|OWASP CISO Survey]]
 +
* [[:Category:OWASP_Code_Review_Project|OWASP Code Review Guide Project]]
 +
* [[OWASP_Codes_of_Conduct|OWASP Codes of Conduct]]
 +
* [[OWASP_Cornucopia|OWASP Cornucopia]]
 +
* [[:Category:OWASP_Guide_Project|OWASP Development Guide Project]]
 +
* [[OWASP_Podcast|OWASP Podcast Project]]
 +
* [[OWASP_Proactive_Controls|OWASP Proactive Controls]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Internet_of_Things_Top_Ten_Project|OWASP Internet of Things Top Ten Project]]
 +
* [[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]
 +
* [[OWASP_Reverse_Engineering_and_Code_Modification_Prevention_Project|OWASP Reverse Engineering and Code Modification Prevention Project]]
 +
 
 +
====Contests====
 +
*[[OWASP_University_Challenge|OWASP University Challenge]]
 +
* [[:Category:OWASP_CTF_Project|OWASP CTF Project]]
 +
 
 +
====Code [Reviewed February 2015]====
 +
* [[:Category:OWASP_Enterprise_Security_API|OWASP Enterprise Security API]]
 +
* [[OWASP_Python_Security_Project|OWASP Python Security Project]]
 +
 
 +
======Low Activity (LABS)[Reviewed July 2015] ======
 +
[[File:low_activity.jpg]]
 +
 
 +
These projects had no releases in at least a year, however have shown to be valuable tools
 +
'''Code [Low Activity]'''
 +
* [[Project_Information:template_Vicnum_Project|OWASP Vicnum Project]]
 +
* [[OWASP_Broken_Web_Applications_Project|OWASP Broken Web Applications Project]]
 +
* [[OWASP_Joomla_Vulnerability_Scanner_Project]]
 +
 
 +
'''Tools'''
 +
*[[https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project | WebScarab]]
 +
 
 +
'''Documentation [Low Activity]'''
 +
* [[OWASP_Appsec_Tutorial_Series|OWASP AppSec Tutorial Series]]
 +
* [[:Category:OWASP_Legal_Project|OWASP Legal Project]]
 +
* [[Virtual_Patching_Best_Practices|Virtual Patching Best Practices]]
 +
* [[OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide|OWASP Secure Coding Practices - Quick Reference Guide]]
 +
 
 +
==Incubator Projects==
 +
[[File:Incubator_banner.jpg]]
 +
 
 +
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
 +
 
 +
===Thumbs up===
 +
Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation
 +
 
 +
 
 +
====Code [Reviewed March 2015]====
 +
* [[OWASP_Java_Encoder_Project|OWASP Java Encoder Project]] [[File:Thumbsup.png|15px]]
 +
* [[OWASP_Java_File_I_O_Security_Project|OWASP Java File I/O Security Project]]
 +
* [[OWASP_PHP_Security_Project|OWASP PHP Security Project]]
 +
* [[OWASP_Node_js_Goat_Project|OWASP Node.js Goat Project]] [[File:Thumbsup.png|15px]
 +
* [[OWASP_File_Format_Validation_Project|OWASP File Format Validation Project]]
 +
* [[OWASP_Security_Logging_Project|OWASP Security Logging Project]]
 +
* [[OWASP_Mth3l3m3nt_Framework_Project|OWASP Mth3l3m3nt Framework Project]]
 +
 
 +
=====Code: Low Activity=====
 +
 
 +
* [[OWASP_PHPRBAC_Project|OWASP PHPRBAC Project]]
 +
 
 +
====Research====
 +
* [[OWASP_WASC_Distributed_Web_Honeypots_Project|OWASP WASC Distributed Web Honeypots Project]]
 +
* [[OWASP_Security_Research_and_Development_Framework|OWASP Security Research and Development Framework]]
 +
 
 +
====Tools [Reviewed last: May 2015]====
 +
* [[OWASP_Wordpress_Vulnerability_Scanner_Project | OWASP Wordpress Vulnerability Scanner]]
 +
* [[OWASP_Threat_Dragon | OWASP Threat Dragon]]
 +
* [[OWASP_Security_Knowledge_Framework#tab=Main | Security Knowledge Framework]]
 +
* [[OWASP_Faux_Bank_Project|OWASP Faux Bank Project]]
 +
* [[OWASP_Droid10_Project|OWASP Droid]]
 +
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
 +
*[[Benchmark|OWASP WebGoat Benchmark]]
 +
*[[OWASP_WAP-Web_Application_Protection|WAP Web Application_Protection]]
 +
*[[OWASP_Java_HTML_Sanitizer|OWASP Java HTML Sanitizer Project]] [[File:Thumbsup.png|15px]]
 +
*[[OWASP_Mantra_OS|OWASP Mantra OS]]
 +
*[[OWASP_iGoat_Project|OWASP iGoat Project]]
 +
*[[OWASP_Bricks|OWASP Bricks]]
 +
*[[OWASP_Bywaf_Project|OWASP Bywaf Project]]
 +
*[[OWASP_Mutillidae_2_Project|OWASP Mutillidae 2 Project]]
 +
*[[OWASP_SeraphimDroid_Project|OWASP SeraphimDroid Project]]
 +
*[[OWASP_WebSpa_Project|OWASP WebSpa Project]]
 +
*[[OWASP_NINJA_PingU_Project|OWASP NINJA PingU Project]]
 +
*[[OWASP_Encoder_Comparison_Reference_Project|OWASP Encoder Comparison Reference Project]]
 +
*[[:Category:OWASP_SQLiX_Project|OWASP sqliX Project]]
 +
*[[OWASP_Secure_TDD_Project|OWASP Secure TDD Project]]
 +
*[[OWASP_XSecurity_Project|OWASP XSecurity Project]]
 +
*[[OWASP_Pyttacker_Project|OWASP Pyttacker Project]]
 +
*[[OWASP_HTTP_Post_Tool|OWASP HTTP POST Tool]]
 +
*[[Projects/OWASP_iOSForensic|OWASP iOSForensic]]
 +
*[[OWASP_SonarQube_Project|OWASP SonarQube Project]]
 +
*[[OWASP Rainbow Maker Project | OWASP Rainbow Maker Project]]
 +
*[[OWASP JSEC CVE Details | OWASP JSEC CVE Details]]
 +
* [[:Category:OWASP_WebGoat.NET|OWASP WebGoat.NET]]
 +
* [[https://www.owasp.org/index.php/WebGoatPHP | WebGoatPHP]]
 +
* [[OWASP_ASIDE_Project|OWASP ASIDE Project]]
 +
* [[OWASP_ZSC_Tool_Project|OWASP ZSC Tool Project]]
 +
 
 +
====Documentation[Review: May 2015]====
 +
*[[OWASP Automated Threats to Web Applications]]
 +
*[[OWASP_Data_Exchange_Format_Project|OWASP Data Exchange Format Project]]
 +
*[[OWASP_Enterprise_Application_Security_Project|OWASP Enterprise Application Security Project]]
 +
*[[OWASP_Secure_Application_Design_Project|OWASP Secure Application Design Project]]
 +
*[[OWASP_Top_10_Fuer_Entwickler_Project|OWASP Top 10 Fuer Entwickler Project]]
 +
*[[OWASP_Vulnerable_Web_Applications_Directory_Project|OWASP Vulnerable Web Applications Directory Project]]
 +
*[[:Category:OWASP_.NET_Project|OWASP .NET Project]]
 +
*[[OWASP_WASC_Web_Hacking_Incidents_Database_Project|OWASP WASC Web Hacking Incidents Database Project]]
 +
*[[OWASP_Security_Frameworks_Project|OWASP Security Frameworks Project]]
 +
*[[OWASP_Incident_Response_Project|OWASP Incident Response Project]]
 +
*[[OWASP_Periodic_Table_of_Vulnerabilities|OWASP Periodic Table of Vulnerabilities]]
 +
*[[OWASP_Top_Trumps_for_Projects|OWASP Top Trumps for Projects]]
 +
*[[OWASP KALP Mobile Project | OWASP KALP Mobile Project]]
 +
*[[OWASP Persian Translation Project | OWASP Persian Translation Project]]
 +
*[[OWASP_Application_Security_Program_Quick_Start_Guide_Project|OWASP_Application_Security_Program_Quick_Start_Guide_Project]]
 +
*[[OWASP_Secure_Configuration_Guide|OWASP_Secure_Configuration_Guide]]
 +
*[[OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project|OWASP_Knowledge_Based_Authentication_Performance_Metrics_Project]]
 +
* [[OWASP_RFP-Criteria|OWASP Request For Proposal]]
 +
 
 +
==Educational Initiatives==
 +
*[[OWASP_Visual_Crime_Scene_and_Security_Incident_Education_Project#tab=Main | OWASP Visual Crime Scene and Security Incident Project]]
 +
*[[OWASP_Secure_Development_Training|OWASP Secure Development Training]]
 +
*[[OWASP_Student_Chapters_Program|OWASP Student Chapters Project]]
 +
*[[:Category:OWASP_Education_Project|OWASP Education Project]]
 +
*[[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]
 +
*[[OWASP_Global_Chapter_Meetings_Project|OWASP Global Chapter Meetings Project]]
 +
*[[OWASP_Media_Project|OWASP Media Project]]
 +
*[[OWASP_Hacking_Lab|OWASP Hacking-Lab]]
 +
*[[OWASP_PHP_Security_Training_Project|OWASP PHP Security Training Project]]
 +
*[[OWASP_Online_Academy#tab=Main | OWASP Online Academy]]
 +
 
 +
==Donated Projects==
 +
 
 +
OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.
 +
 
 +
====Tools====
 +
 
 +
* [[OWASP_Excess_XSS_Project|OWASP Excess XSS Project]]
 +
* [[OWASP_JOTP_Project|OWASP jOTP Project]]
 +
 
 +
==OWASP Archived Projects==
 +
OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.
 +
 
 +
https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects
 +
 
 +
= Project Task Force =
 +
 
 +
 
 +
====OWASP Project Task Force====
 +
 
 +
{{:Task_Force/OWASP_Projects}}
 +
 
 +
= Online Resources =
 +
 
 +
===Project Online Resources===
 +
 
 +
{{:Project_Online_Resources}}
  
  
Line 101: Line 320:
 
== So you want to start a project... ==
 
== So you want to start a project... ==
  
Starting an OWASP Project is easy.  You don't have to be an application security expert.  You just have to have the drive and desire to make a contribution to the application security community.
+
Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.
 +
[[File:HowToStartProjectoWasp.png | 600px | right]]
  
 
Here are some of the guidelines for running a successful OWASP project:
 
Here are some of the guidelines for running a successful OWASP project:
  
* The best OWASP projects are strategic - they make it easier to produce secure applications by filling a gap in the application security knowledge-base or technology support.
+
-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)
 +
 
 +
-Place your idea or project on the [https://www.owasp.org/index.php/Project_Ideas_Board#From_Idea_to_Project_Incubator Project Ideas Board].This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project
 +
 
 +
-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on
 +
 
 +
-Define what kind of project you would like to start. Is it a code, tool or documentation?
 +
 
 +
-Communicate through the Project leader mailing list about your idea and get feedback and  meet potential contributors
 +
 
 +
-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read  documentation such as "[http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf How to start /run a successful Open Source Projects]".
 +
 
 +
[[File:RoadmapIncubatorProjectExample2.PNG | 500px | left]]
 +
 
 +
Some recommendations on how to start a documentation project
 +
[[https://www.owasp.org/index.php/File:Document_Guide_(1).png| Document Guide Project]]
 +
 
 +
===Importance of a well thought out Road-map===
 +
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.
 +
 
  
* You ''can'' run a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
+
 
 +
"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
 +
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"
 +
 
 +
* Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You ''can'' run a single person project, but it's usually best to get the community involved.  You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  
 
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project.  Please coordinate this with OWASP by contacting owasp(at)owasp.org.
 
* You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project.  Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  
* Available Grants to consider if you need funding - [https://www.owasp.org/index.php/Grants Click Here]
+
* Available Grants to consider if you need funding - [[Grants|Click Here]]
  
 
* You should promote your project through the OWASP channels as well as by outside means.  Get people to blog about it!
 
* You should promote your project through the OWASP channels as well as by outside means.  Get people to blog about it!
 
  
 
== Creating a new project ==
 
== Creating a new project ==
 +
Once you have passed the Project Ideas phase, then you will be ready to start a new project
 +
To Submit your project please use the following form
 +
. [http://www.tfaforms.com/263506 Please submit a new project application here].
  
[http://sl.owasp.org/new-project Here's the simple process for starting a new OWASP Project].
 
* Check out the '''[[Guidelines for OWASP Projects]]'''.
 
 
<br>
 
* Get the following information together:
 
  
 +
* You will need to gather the following information together for your application:
 
A - PROJECT
 
A - PROJECT
 
# Project Name,
 
# Project Name,
Line 129: Line 370:
 
# Project Roadmap,
 
# Project Roadmap,
 
# Project links (if any) to external sites,
 
# Project links (if any) to external sites,
# [http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects#Project_Licensing Project License],
+
# [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
 
# Project Leader name,
 
# Project Leader name,
 
# Project Leader email address,
 
# Project Leader email address,
Line 135: Line 376:
 
# Project Contributor(s) (if any) - name email and wiki account (if any),
 
# Project Contributor(s) (if any) - name email and wiki account (if any),
 
# Project Main Links (if any).
 
# Project Main Links (if any).
<br>
+
# For Documentation: A table of Contents
 +
# For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.
 +
 
 +
* Check out the '''[[Guidelines for OWASP Projects]]'''.
 +
* [[Grant_Spending_Policy|Grant Spending Policy]]
 +
* [[Project_Spending_Policy|Project Spending Policy]]
 +
* [[Project_Sponsorship_Operational_Guidelines|Project Sponsorship Operational Guidelines]]
  
 
==OWASP Recommended Licenses==
 
==OWASP Recommended Licenses==
  
 
{{Recommended_Licenses}}
 
{{Recommended_Licenses}}
 
  
 
==Funding your Project==
 
==Funding your Project==
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit an application to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organisations, but project leaders are required to seek funding through their own initiative.  
+
An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.  
  
 
== Project Release ==
 
== Project Release ==
  
*As your project reaches a point that you'd like OWASP to assist in its promotion, the [[Global Projects Committee|OWASP Global Projects Committee]]  will need the following to help spread the word about your project:
+
As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:
 
+
# [http://globalprojectscommittee.wordpress.com/2009/07/27/what-is-the-3x-slide-presentation-thing/ Conference style presentation that describes the tool/document in at least 3 slides],
+
# [http://globalprojectscommittee.wordpress.com/2009/07/21/what-is-this-project-flyerpamphlet-thing/ Project Flyer/Pamphlet (PDF file)],
+
<br>
+
* If possible, get also the following information together:
+
 
+
B – FIRST RELEASE
+
# Release Name,
+
# Release Description,
+
# Release Downloadable file link
+
# Release Leader,
+
# Release Contributor(s),
+
# Release Reviewer,
+
# Release Sponsor(s) (if any),
+
# Release Notes
+
# Release Main Links (if any),
+
  
 +
# Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
 +
# Link to your wiki page.
 +
# Link to your code repository or a link to where readers can download your project.
 +
# Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.
  
 
==Project Process Forms==
 
==Project Process Forms==
Line 179: Line 413:
 
* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.
 
* [http://www.tfaforms.com/264426 Project Abandonment Request]:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.
  
* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.  
+
* [http://www.tfaforms.com/264392 Incubator Project Graduation Application]:This application form is for Incubator Projects to apply for Labs Project status.
 
+
  
 
= Project Assessments  =
 
= Project Assessments  =
Line 188: Line 421:
  
  
'''The OWASP Project Lifecycle is broken down into the following stages:'''
+
====The OWASP Project Lifecycle is broken down into the following stages:====
  
'''Incubator Projects:''' OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.
+
'''Incubator Projects''': OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.
  
'''Labs Projects:''' OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.  
+
'''Lab Projects''': OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.  
  
'''Flagship Projects:''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.
+
'''Flagship Projects''': The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.
 +
 
 +
'''Code Projects''': OWASP code projects are very important for the cyber security solutions. Because these projects are used to find out the application security problems and try to solve those problems.
  
 
== OWASP Project Stage Benefits==
 
== OWASP Project Stage Benefits==
Line 221: Line 456:
 
* OWASP OSS and OPT participation preference
 
* OWASP OSS and OPT participation preference
  
 +
For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.
 +
 +
== Project Monitoring Incubator/Documentation ==
 +
Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive.
 +
You can set your project active at any time, as long as:
 +
* There has been commits to the project's open repository or
 +
* There has been a beta release of the documentation produced so far or
 +
* Provide a detailed Roadmap
 +
 +
===Importance of a well thought out Roadmap===
 +
Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.
 +
 +
 +
[[File:RoadmapIncubatorProjectExample2.PNG | 600px]]
  
For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.  
+
"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers."
 +
Extracted from : "[[http://www.romanpichler.com/blog/10-tips-creating-agile-product-roadmap/ 10 Tips for Creating an Agile Product Roadmap]]"
  
 +
==Project Monitoring for LABS/Flagship==
 +
These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.
 +
===For Code and Tools===
 +
For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:
 +
*Can the project be built correctly?
 +
*Does the project has any activity(commits) in the last 6 months?
 +
*Does the project had any releases in the last 6 months?
 +
*Has the project leaders updated his wiki or website to reflect latest releases?
 +
===For Documentation===
 +
For this part, we are working on the development of an adequate assessment criteria
 +
The following is a draft of the new process proposal: [[https://www.owasp.org/index.php/File:Qualitative_and_Quantitative_Content_Audit.pdf Proposal for Reviewing OWASP Document projects]]
  
 
== OWASP Project Graduation==
 
== OWASP Project Graduation==
Line 231: Line 492:
  
 
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]
 
* [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Graduation Criteria Checklist]
 
  
 
==OWASP Project Health Assessment==
 
==OWASP Project Health Assessment==
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
+
The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the [https://docs.google.com/spreadsheet/ccc?key=0AllOCxlYdf1AdG5NZGhzTjZpT1RDcnRibjd0aXhfOUE Project Health Assessment Criteria Document]. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.
 
+
  
 
==OWASP Project Deliverable/Release Assessment==
 
==OWASP Project Deliverable/Release Assessment==
Line 245: Line 504:
  
  
= Project Inventory =
+
= Brand Resources =
 
<font size=2pt>
 
<font size=2pt>
  
==Flagship Projects==
+
==The Brand Usage Rules==
 +
See OWASP's [[Marketing/Resources#tab=BRAND_GUIDELINES|The Brand Usage Rules]] for details.
  
The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.  
+
==Project Icons & Templates==
 +
See OWASP'S [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.
  
 +
(Following links and images are provided for a quick overview only, the primary page is [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]]).
  
'''Code'''
+
If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance
* [https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project OWASP AntiSamy Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP Enterprise Security API]
+
* [https://www.owasp.org/index.php/Projects/OWASP_ModSecurity_Core_Rule_Set_Project OWASP ModSecurity Core Rule Set Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project OWASP CSRFGuard Project]
+
  
 +
'''[[OWASP_Operations_Project_Template|OWASP Operational Wiki Template]]'''
  
'''Tools'''
+
'''[[OWASP_Documentation_Project_Template|OWASP Example Template: DO NOT EDIT]]'''
* [https://www.owasp.org/index.php?title=OWASP_Web_Testing_Environment_Project OWASP Web Testing Environment Project]
+
* [https://www.owasp.org/index.php/Webgoat OWASP WebGoat Project]
+
* [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project OWASP Zed Attack Proxy]
+
  
 +
[[Image:OWASP_Project_Header.jpg|Owasp logo|500px]]
  
'''Documentation'''
+
[[Image:Project_Type_Files_TOOL.jpg|Owasp logo|200px]] [[Image:Project_Type_Files_DOC.jpg||Owasp logo 1c|200px]]
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide Project]
+
* [https://www.owasp.org/index.php/OWASP_Codes_of_Conduct OWASP Codes of Conduct]
+
* [https://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide Project]
+
* [https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide OWASP Secure Coding Practices - Quick Reference Guide]
+
* [https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP Software Assurance Maturity Model (SAMM)]
+
* [https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten Project]
+
  
 +
[[Image:Project_Type_Files_CODE.jpg|Owasp logo|200px]] [[Image:Owasp-defenders-small.png|Owasp logo|100px]] [[Image:Owasp-builders-small.png|Owasp logo|100px]] [[Image:Owasp-breakers-small.png|Owasp logo|100px]]
  
==Labs Projects==
+
[[Image:Owasp-incubator-trans-200.png|Owasp logo rev icon|100px]] [[Image:Owasp-labs-trans-85.png|Owasp logo flat|100px]] [[Image:Owasp-flagship-trans-85.png|Owasp logo icon|100px]]
  
OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.
+
===OpenSAMM===
 +
'''[[Media:OpenSAMM_icons.zip|OpenSAMM Icons]]'''
  
 +
'''Construction:'''
  
'''Tools'''
+
[[Image:Construction black.png| Construction black| 100px]] [[Image:Construction blue.png| Construction blue| 100px]] [[image:Construction olive.png |construction olive|100px]]
* [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project OWASP Broken Web Applications Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project OWASP CSRFTester Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_EnDe OWASP EnDe Project]
+
* [https://www.owasp.org/index.php/OWASP_Fiddler_Addons_for_Security_Testing_Project OWASP Fiddler Addons for Security Testing Project]
+
* [https://www.owasp.org/index.php/OWASP_Forward_Exploit_Tool_Project OWASP Forward Exploit Tool Project]
+
* [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project OWASP Hackademic Challenges Project]
+
* [https://www.owasp.org/index.php/OWASP_Hatkit_Datafiddler_Project OWASP Hatkit Datafiddler Project]
+
* [https://www.owasp.org/index.php/OWASP_Hatkit_Proxy_Project OWASP Hatkit Proxy Project]
+
* [https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool OWASP HTTP POST Tool]
+
* [https://www.owasp.org/index.php/OWASP_Java_XML_Templates_Project OWASP Java XML Templates Project]
+
* [https://www.owasp.org/index.php/OWASP_JavaScript_Sandboxes OWASP JavaScript Sandboxes Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project OWASP Joomla Vulnerability Scanner Project]
+
* [https://www.owasp.org/index.php/OWASP_LAPSE_Project OWASP LAPSE Project]
+
* [https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework OWASP Mantra Security Framework]
+
* [https://www.owasp.org/index.php/Category:OWASP_Mutillidae OWASP Mutillidae Project]
+
* [https://www.owasp.org/index.php/OWASP_O2_Platform OWASP O2 Platform]
+
* [https://www.owasp.org/index.php/Category:OWASP_Orizon_Project OWASP Orizon Project]
+
* [https://www.owasp.org/index.php/Scrubbr OWASP Scrubbr]
+
* [http://owasp.com/index.php/Category:OWASP_Security_Assurance_Testing_of_Virtual_Worlds_Project OWASP Security Assurance Testing of Virtual Worlds Project]
+
* [https://www.owasp.org/index.php/Project_Information:template_Vicnum_Project OWASP Vicnum Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Wapiti_Project OWASP Wapiti Project]
+
* [https://www.owasp.org/index.php/OWASP_Web_Browser_Testing_System_Project OWASP Web Browser Testing System Project]
+
* [https://www.owasp.org/index.php/Webscarab OWASP WebScarab Project]
+
* [https://www.owasp.org/index.php/Project_Information:template_Webslayer_Project OWASP Webslayer Project]
+
* [https://www.owasp.org/index.php/Project_Information:template_WSFuzzer_Project OWASP WSFuzzer Project]
+
* [https://www.owasp.org/index.php/Project_Information:template_Yasca_Project OWASP Yasca Project]
+
  
 +
'''Deployment:'''
  
'''Documentation'''
+
[[image:Deployment black.png| Deployment black| 100px]] [[image:Deployment blue.png| Deployment blue| 100px]] [[image:Deployment olive.png | Deployment olive| 100px]]
* [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series OWASP AppSec Tutorial Series]
+
* [https://www.owasp.org/index.php/OWASP_AppSensor_Project OWASP AppSensor Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Cloud_‐_10_Project OWASP Cloud ‐ 10 Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_CTF_Project OWASP CTF Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database OWASP Fuzzing Code Database]
+
* [https://www.owasp.org/index.php/Category:OWASP_Legal_Project OWASP Legal Project]
+
* [https://www.owasp.org/index.php/OWASP_Podcast OWASP Podcast Project]
+
* [https://www.owasp.org/index.php/Virtual_Patching_Best_Practices Virtual Patching Best Practices]
+
  
 +
'''Governance:'''
  
<div id="sammysam"></div>
+
[[image:Governance black.png| governance black| 100px]]  [[image:Governance blue.png | governance blue | 100px]]  [[image:Governance olive.png | governance olive| 100px]]
==Incubator Projects==
+
  
OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.  The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.
+
'''Verification:'''
  
 +
[[image:Verification black.png | Verification black | 100px]]  [[image:Verification blue.png | verification blue | 100px]]  [[image: Verification olive.png | Verification olive | 100px]]
  
'''Code'''
+
==Book Cover Files==
* [https://www.owasp.org/index.php/OWASP_Secure_the_Flag_Competition_Project OWASP Secure the Flag Project]
+
See OWASP's [[Marketing/Resources#PROJECT_RESOURCES|Project Icons & Templates]] for details.
* [https://www.owasp.org/index.php/Opa OWASP OPA]
+
* [https://www.owasp.org/index.php/OWASP_Alchemist_Project OWASP Alchemist Project]
+
* [https://www.owasp.org/index.php/OWASP_ESOP_Framework OWASP ESOP Framework]
+
* [https://www.owasp.org/index.php/OWASP_Java_Encoder_Project OWASP Java Encoder Project]
+
* [https://www.owasp.org/index.php/OWASP_Passfault OWASP Passfault]
+
* [https://www.owasp.org/index.php/OWASP_OctoMS OWASP OctoMS]
+
* [https://www.owasp.org/index.php/OWASP_Java_Uncertain_Form_Submit_Prevention OWASP Java Uncertain Form Submit Prevention]
+
* [https://www.owasp.org/index.php/OWASP_Ecuador OWASP Ecuador]
+
* [https://www.owasp.org/index.php/OWASP_AW00T OWASP AW00t]
+
* [https://www.owasp.org/index.php/OWASP_ONYX OWASP ONYX]
+
* [https://www.owasp.org/index.php/OWASP_JSON_Sanitizer OWASP JSON Sanitizer]
+
* [https://www.owasp.org/index.php/OWASP_Security_Research_and_Development_Framework OWASP Security Research and Development Framework]
+
* [https://www.owasp.org/index.php/OWASP_1-Liner OWASP 1-Liner]
+
* [https://www.owasp.org/index.php/OWASP_Focus OWASP Focus]
+
* [https://www.owasp.org/index.php/OWASP_PHPRBAC_Project OWASP PHPRBAC Project]
+
* [https://www.owasp.org/index.php/OWASP_EJSF_Project OWASP EJSF Project]
+
* [https://www.owasp.org/index.php/OWASP_Barbarus OWASP Barbarus]
+
* [https://www.owasp.org/index.php/OWASP_iMAS_iOS_Mobile_Application_Security_Project OWASP iMAS - iOS Mobile Application Security Project]
+
* [https://www.owasp.org/index.php/OWASP_RBAC_Project OWASP RBAC Project]
+
* [https://www.owasp.org/index.php/OWASP_PHP_Security_Project OWASP PHP Security Project]
+
* [https://www.owasp.org/index.php/OWASP_Simple_Host_Base_Incidence_Detection_System_Project OWASP Simple Host Base Incidence Detection System Project]
+
  
 +
[[Media:Lulu-guide.pdf|Lulu Guide]]
  
'''Tools'''
+
'''[https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip Download the Book Cover Zip File]'''
* [https://www.owasp.org/index.php/OWASP_WhatTheFuzz_Project#tab=Project_About OWASP WhatTheFuzz Project]
+
{|
* [https://www.owasp.org/index.php/OWASP_Security_Tools_for_Developers_Project OWASP Security Tools for Developers Project]
+
* [https://www.owasp.org/index.php/OWASP_SIMBA_Project OWASP SIMBA Project]
+
* [https://www.owasp.org/index.php/OWASP_VFW_Project OWASP VFW Project]
+
* [https://www.owasp.org/index.php/OWASP_OVAL_Content_Project OWASP OVAL Content Project]
+
* [https://www.owasp.org/index.php/OWASP_WAF_Project OWASP WAF Project]
+
* [https://www.owasp.org/index.php/OWASP_NAXSI_Project OWASP NAXSI Project]
+
* [https://www.owasp.org/index.php/OWASP_Passw3rd_Project OWASP Passw3rd Project]
+
* [https://www.owasp.org/index.php/OWASP_File_Hash_Repository OWASP File Hash Repository]
+
* [https://www.owasp.org/index.php/Category:OWASP_WebGoat.NET OWASP WebGoat.NET]
+
* [https://www.owasp.org/index.php/OWASP_AJAX_Crawling_Tool OWASP AJAX Crawling Tool]
+
* [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF]
+
* [https://www.owasp.org/index.php/OWASP_Path_Traverser OWASP Path Traverser]
+
* [https://www.owasp.org/index.php/OWASP_Watiqay OWASP Watiqay]
+
* [https://www.owasp.org/index.php/OWASP_Security_Shepherd OWASP Security Shepherd]
+
* [https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework OWASP Xenotix XSS Exploit Framework]
+
* [https://www.owasp.org/index.php/OWASP_Mantra_OS OWASP Mantra OS]
+
* [https://www.owasp.org/index.php/OWASP_XSSER OWASP XSSER]
+
* [https://www.owasp.org/index.php/OWASP_Academy_Portal_Project OWASP Academy Portal Project]
+
* [https://www.owasp.org/index.php/OWASP_ASIDE_Project OWASP ASIDE Project]
+
* [https://www.owasp.org/index.php/OWASP_Browser_Security_ACID_Tests_Project OWASP Browser Security ACID Test Project]
+
* [https://www.owasp.org/index.php/OWASP_iGoat_Project OWASP iGoat Project]
+
* [https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer OWASP Java HTML Sanitizer Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Proxy OWASP Proxy Project]
+
* [https://www.owasp.org/index.php/OWASP_SamuraiWTF_Project OWASP SamuraiWTF]
+
* [https://www.owasp.org/index.php/O-Saft O-Saft]
+
* [https://www.owasp.org/index.php/OWASP_Crowdtesting OWASP Crowdtesting]
+
* [https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project OWASP OpenStack Security Project]
+
* [https://www.owasp.org/index.php/OWASP_Desktop_Goat_and_Top_5_Project OWASP Desktop Goat and Top 5 Project]
+
* [https://www.owasp.org/index.php/OWASP_Bricks OWASP Bricks]
+
* [https://www.owasp.org/index.php/OWASP_Dependency_Check OWASP Dependency Check]
+
* [https://www.owasp.org/index.php/OWASP_Hive_Project OWASP Hive Project]
+
* [https://www.owasp.org/index.php/OWASP_Droid_Fusion OWASP Droid Fusion]
+
* [https://www.owasp.org/index.php/OWASP_iSABEL_Proxy_Server OWASP iSABEL Proxy Server]
+
* [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project OWASP Rails Goat Project]
+
* [https://www.owasp.org/index.php/OWASP_Bywaf_Project OWASP Bywaf Project]
+
* [https://www.owasp.org/index.php/OWASP_S.T.I.N.G_Project OWASP S.T.I.N.G Project]
+
* [https://www.owasp.org/index.php/OWASP_Application_Fuzzing_Framework_Project OWASP Application Fuzzing Framework Project]
+
* [https://www.owasp.org/index.php/OWASP_VaultDB_Project OWASP VaultDB Project]
+
* [https://www.owasp.org/index.php/OWASP_WS_Amplification_DoS_Project OWASP WS-Amplification DoS Project]
+
* [https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project OWASP Mutillidae 2 Project]
+
* [https://www.owasp.org/index.php/OWASP_Skanda_SSRF_Exploitation_Framework OWASP Skanda - SSRF Exploitation Framework]
+
* [https://www.owasp.org/index.php/OWASP_SeraphimDroid_Project OWASP SeraphimDroid Project]
+
 
+
'''Documentation'''
+
* [https://www.owasp.org/index.php/OWASP_Data_Exchange_Format_Project OWASP Data Exchange Format Project]
+
* [https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheets Project]
+
* [https://www.owasp.org/index.php/OWASP_Proactive_Controls OWASP Proactive Controls]
+
* [https://www.owasp.org/index.php/OWASP_Java_J2EE_Secure_Development_Curriculum OWASP Java/J2EE Secure Development Curriculum]
+
* [https://www.owasp.org/index.php/OWASP_Crossword_of_the_Month OWASP Crossword of the Month]
+
* [https://www.owasp.org/index.php/OWASP_Secure_Password_Project OWASP Secure Password Project]
+
* [https://www.owasp.org/index.php/OWASP_Security_Baseline_Project OWASP Security Baseline Project]
+
* [https://www.owasp.org/index.php/OWASP_Software_Security_Assurance_Process OWASP Software Security Assurance Process]
+
* [https://www.owasp.org/index.php/OWASP_Threat_Modelling_Project OWASP Threat Modeling Project]
+
* [https://www.owasp.org/index.php/OWASP_Web_Application_Security_Accessibility_Project#tab=Project_About OWASP Web Application Security Accessibility Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Requirements_Project OWASP Application Security Requirements Project]
+
* [https://www.owasp.org/index.php/OWASP_Common_Numbering_Project OWASP Common Numbering Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project OWASP Favicon Database Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Assessment_Standards_Project OWASP Application Security Assessment Standards Project]
+
* [https://www.owasp.org/index.php/OWASP_Application_Security_Program_for_Managers OWASP Application Security Program for Managers]
+
* [https://www.owasp.org/index.php/OWASP_Application_Security_Skills_Assessment OWASP Application Security Skills Assessment]
+
* [https://www.owasp.org/index.php/OWASP_Browser_Security_Project OWASP Browser Security Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_CBT_Project OWASP Computer Based Training Project (OWASP CBT Project)]
+
* [https://www.owasp.org/index.php/OWASP_Enterprise_Application_Security_Project OWASP Enterprise Application Security Project]
+
* [https://www.owasp.org/index.php/OWASP_Exams_Project OWASP Exams Project]
+
* [https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project OWASP GoatDroid Project]
+
* [https://www.owasp.org/index.php/OWASP_Myth_Breakers_Project OWASP Myth Breakers Project]
+
* [http://owasp.com/index.php/OWASP_Project_Partnership_Model OWASP Project Partnership Model]
+
* [https://www.owasp.org/index.php/OWASP_RFP-Criteria OWASP Request For Proposal]
+
* [https://www.owasp.org/index.php/OWASP_University_Challenge OWASP University Challenge]
+
* [https://www.owasp.org/index.php/OWASP_Hacking_Lab OWASP Hacking-Lab]
+
* [https://www.owasp.org/index.php/OWASP_Application_Security_Awareness_Top_10_E-learning_Project OWASP Application Security Awareness Top 10 E-learning Project]
+
* [https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities OWASP Periodic Table of Vulnerabilities]
+
* [https://www.owasp.org/index.php/WASC_OWASP_Web_Application_Firewall_Evaluation_Criteria_Project WASC/OWASP Web Application Firewall Evaluation Criteria (WAFEC)]
+
* [https://www.owasp.org/index.php/ESAPI_Swingset OWASP ESAPI Swingset Project]
+
* [https://www.owasp.org/index.php/OWASP_Press OWASP Press]
+
* [https://www.owasp.org/index.php/OWASP_CISO_Survey OWASP CISO Survey]
+
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project OWASP Application Security Guide For CISOs]
+
* [https://www.owasp.org/index.php/OWASP_Embedded_Application_Security OWASP Embedded Application Security]
+
* [https://www.owasp.org/index.php/OWASP_Scada_Security_Project OWASP Scada Security Project]
+
* [https://www.owasp.org/index.php/OWASP_Cornucopia OWASP Cornucopia]
+
* [https://www.owasp.org/index.php/OWASP_Secure_Application_Design_Project OWASP Secure Application Design Project]
+
* [https://www.owasp.org/index.php/OWASP_Top_10_Fuer_Entwickler_Project OWASP Top 10 Fuer Entwickler Project]
+
* [https://www.owasp.org/index.php/OWASP_Good_Component_Practices_Project OWASP Good Component Practices Project]
+
* [https://www.owasp.org/index.php/OWASP_Web_Application_Security_Quick_Reference_Guide_Project OWASP Web Application Security Quick Reference Guide Project]
+
* [https://www.owasp.org/index.php/OWASP_Security_JDIs_Project OWASP Security JDIs Project]
+
* [https://www.owasp.org/index.php/OWASP_Windows_Binary_Executable_Files_Security_Checks_Project OWASP Windows Binary Executable Files Security Checks Project]
+
* [https://www.owasp.org/index.php/OWASP_Wordpress_Security_Checklist_Project OWASP Wordpress Security Checklist Project]
+
* [https://www.owasp.org/index.php/OWASP_Supporting_Legacy_Web_Applications_in_the_Current_Environment_Project OWASP Supporting Legacy Web Applications in the Current Environment Project]
+
 
+
 
+
==Inactive Projects==
+
 
+
'''Archived Projects'''
+
 
+
OWASP Archived Projects are inactive Labs projects. If you are interested in pursuing any of the projects below, please contact us and let us know of your interest. 
+
 
+
* [https://www.owasp.org/index.php/Category:OWASP_Access_Control_Rules_Tester_Project OWASP Access Control Rules Tester Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Metrics_Project OWASP Application Security Metrics Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_AppSec_FAQ_Project OWASP AppSec FAQ Project]
+
* [https://www.owasp.org/index.php/Asdr OWASP ASDR Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Backend_Security_Project OWASP Backend Security Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls OWASP Best Practices: Use of Web Application Firewalls]
+
* [https://www.owasp.org/index.php/Category:OWASP_CAL9000_Project OWASP CAL9000 Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_CLASP_Project OWASP CLASP Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Code_Crawler OWASP CodeCrawler Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Content_Validation_using_Java_Annotations_Project OWASP Content Validation using Java Annotations Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project OWASP DirBuster Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Encoding_Project OWASP Encoding Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Google_Hacking_Project OWASP Google Hacking Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project OWASP Insecure Web App Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Interceptor_Project OWASP Interceptor Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_JSP_Testing_Tool_Project OWASP JSP Testing Tool Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_LiveCD_Education_Project OWASP LiveCD Education Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Logging_Project OWASP Logging Guide]
+
* [https://www.owasp.org/index.php/Category:OWASP_NetBouncer_Project OWASP NetBouncer Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_OpenPGP_Extensions_for_HTTP_-_Enigform_and_mod_openpgp OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_OpenSign_Server_Project OWASP OpenSign Server Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project OWASP Pantera Web Assessment Studio Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_PHP_Project OWASP PHP Project]
+
* [https://www.owasp.org/index.php/ORG_%28OWASP_Report_Generator%29 OWASP Report Generator]
+
* [https://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V2 OWASP Ruby on Rails Security Guide V2]
+
* [https://www.owasp.org/index.php/Category:OWASP_SASAP_Project OWASP Scholastic Application Security Assessment Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks OWASP Security Spending Benchmarks Project]
+
* [https://www.owasp.org/index.php/OWASP_SiteGenerator OWASP Site Generator Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Skavenger_Project OWASP Skavenger Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project OWASP Source Code Flaws Top 10 Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Sprajax_Project OWASP Sprajax Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Sqlibench_Project OWASP Sqlibench Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project OWASP sqliX Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Stinger_Project OWASP Stinger Project]
+
* [https://www.owasp.org/index.php/Category:OWASP_Teachable_Static_Analysis_Workbench_Project OWASP Teachable Static Analysis Workbench Project]
+
* [https://www.owasp.org/index.php/OWASP_Tiger OWASP Tiger]
+
* [https://www.owasp.org/index.php/Category:OWASP_Tools_Project OWASP Tools Project]
+
* [https://www.owasp.org/index.php/Projects/OWASP_Uniform_Reporting_Guidelines OWASP Uniform Reporting Guidelines]
+
* [https://www.owasp.org/index.php/Category:OWASP_WeBekci_Project OWASP Webekci Project]
+
* [https://www.owasp.org/index.php/JBroFuzz JBroFuzz]
+
* [https://owasp.org/index.php/Category:OWASP_SWAAT_Project OWASP SWAAT Project]
+
* [https://www.owasp.org/index.php/OWASP_Secure_Web_Application_Framework_Manifesto OWASP Secure Web Application Framework Manifesto]
+
 
+
 
+
= Marketing Materials  =
+
<font size=2pt>
+
 
+
==Philosophy==
+
 
+
OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. OWASP's philosophy is that achieving security involves all parts of an organization, including people, process, and technology. We support the use of our brand consistent with this philosophy. However, we cannot allow the use of our brand when it implies something inconsistent with OWASP's comprehensive and balanced approach to application security. Therefore, we have defined these brand usage rules to clarify appropriate and inappropriate uses of the OWASP brand, including our name, domain, logos, project names, and other trademarks.
+
 
+
 
+
==Brand Usage Rules==
+
 
+
The following rules make reference to all OWASP marketing and graphic materials. This refers to any tools, documentation, or other content from OWASP. The rules also make reference to "OWASP Published Standards" which are currently in the process of being developed and released. Currently there are no OWASP Published Standards.
+
 
+
# The OWASP Brand may be used to direct people to the OWASP website for information about application security.
+
# The OWASP Brand may be used in commentary about the materials found on the OWASP website.
+
# The OWASP Brand may be used by OWASP Members in good standing to promote a person or company's involvement in OWASP.
+
# The OWASP Brand may be used in association with an application security assessment only if a complete and detailed methodology, sufficient to reproduce the results, is disclosed.
+
# The OWASP Brand must not be used in a manner that suggests that The OWASP Foundation supports, advocates, or recommends any particular product or technology.
+
# The OWASP Brand must not be used in a manner that suggests that a product or technology is compliant with any OWASP Materials other than an OWASP Published Standard.
+
# The OWASP Brand must not be used in a manner that suggests that a product or technology can enable compliance with any OWASP Materials other than an OWASP Published Standard.
+
# The OWASP Brand must not be used in any materials that could mislead readers by narrowly interpreting a broad application security category. For example, a vendor product that can find or protect against forced browsing must not claim that they address all of the access control category.
+
# The OWASP Brand may be used by special arrangement with The OWASP Foundation.
+
 
+
 
+
==Social Media==
+
[[Image:Blogger-32x32.png|32px|link=http://owasp.blogspot.co.uk/]] [[Image:Twitter-32x32.png|32px|link=https://twitter.com/OWASP]] [[Image:Facebook-32x32.png|32px|link=https://www.facebook.com/groups/172892372831444/]] [[Image:Linkedin-32x32.png|32px|link=http://www.linkedin.com/groups/Global-OWASP-Foundation-36874]] [[Image:Google-32x32.png|32px|link=https://plus.google.com/u/0/communities/105181517914716500346?cfem=1]] [[Image:Ning-32x32.png|32px|link=http://myowasp.ning.com/]]
+
 
+
 
+
==Resources==
+
* '''[https://www.owasp.org/images/0/07/OWASP_Image_Toolbox.zip OWASP Logo Toolbox]:''' This includes all of OWASP's logo image files in various formats.
+
* '''[https://www.owasp.org/images/2/2a/OWASP_BUSINESS_CARD_TEMPLATES.zip OWASP Business Card Templates]:''' This includes the front and back PSD files for the OWASP Business Card.
+
 
+
 
+
'''Merchandise Requests'''
+
 
+
*Submit your application using the '''[https://spreadsheets.google.com/a/owasp.org/spreadsheet/viewform?formkey=dF85bGtvdWdrd2JjYldNZ1gxSkJxaEE6MQ OWASP Merchandise Request Form]'''.
+
 
+
 
+
'''Ads/Flyers'''
+
 
+
* '''[https://www.owasp.org/images/4/49/OWASP_Brochure_-_Global.pdf OWASP Flyer]'''
+
* '''[https://www.owasp.org/images/a/ac/OWASP-AD-V3-FINAL.pdf OWASP 2012 Standard Print Ad]'''
+
* '''[https://www.owasp.org/images/2/2d/OWASP-AD-V3-FINAL-A4.pdf OWASP 2012 A4 Print Ready Ad]'''
+
* '''[https://www.owasp.org/images/1/1f/OWASP-AD-V3-FINAL-A42.pdf OWASP 2012 A4-2 Print Ready Ad]'''
+
 
+
 
+
'''Banners'''
+
 
+
* '''[https://www.owasp.org/index.php/OWASP_Merchandise#Banners Banner Examples]'''
+
* '''[http://dl.dropbox.com/u/38979962/owasp_gear_335x83_300dpi.pdf Cog wheel banner]'''
+
* '''[http://dl.dropbox.com/u/38979962/OWASP_Banner_300dpi.pdf/OWASP_Banner_300dpi.pdf Honeycomb banner]'''
+
 
+
 
+
'''Presentations'''
+
 
+
These slides are presented at Global AppSec Conferences by the Global Board to provide a high level overview of OWASP and to highlight some of the key initiatives at a Global level. This can be presented in its current form at OWASP Chapter meetings to enable a clarification of the mission and purpose of the local chapter. This can also be used or sent to the press/media when looking for an "overview of owasp".
+
 
+
* '''[https://www.owasp.org/images/3/35/2012Whereweare..Wherearewegoing.pdf 2012 Athens Where we are, Where we are going..]'''
+
* '''[https://www.owasp.org/images/8/83/FINAL-OWASP_Global_Board_Update_AppSecUS11.ppt.pdf 2011 Where we are, Where we are going..]'''
+
 
+
 
+
==Security Podcast with Jim Manico==
+
{| style="background-color: transparent"
+
 
|-
 
|-
! width="200" align="center" | <br>  
+
! width="500" align="center" | <br>  
! width="1000" align="center" | <br>
+
! width="300" align="center" | <br>
 
|-
 
|-
| align="center" | [[Image:Jim_Projects.jpg|100px]]
+
| align="center" | [[Image:BookImage_01.jpg‎|500px| link=https://www.dropbox.com/s/h27gsbe5m7idg0y/Finished%20Covers.zip]]  
| align="justify" | The OWASP foundation presents the OWASP PODCAST SERIES hosted and produced by [mailto:jim@owasp.org Jim Manico]. Listen as interviews are conducted with OWASP volunteers, industry experts and leaders within the field of software security. Visit the [https://www.owasp.org/index.php/OWASP_Podcast Podcast Page] for more information.
+
| align="center" |
|}
+
  
 
==OWASP Appsec Tutorial Series with Jerry Hoff==
 
{| style="background-color: transparent"
 
|-
 
! width="200" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
| align="center" | [[Image:Jerry_Projects.jpg|100px]]
 
| align="justify" |The OWASP AppSec Tutorial Series project provides a video based means of conveying complex application security concepts in an easily accessible and understandable way. Each video is approximately 5-10 minutes long and highlights one or more specific application security concepts, tools, or methodologies. The goal of the project is quite simple and yet quite audacious - provide top notch application security video based training... for free! Visit the [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series#Project_Lead Tutorial Series Page] for more information.
 
 
|}
 
|}
 
 
==OWASP Press==
 
 
The OWASP press is a pattern for massive community collaboration on OWASP documentation projects with just-in-time publication. Visit the [https://www.owasp.org/index.php/OWASP_Press OWASP Press Page] for more information.
 
 
  
 
= Terminology =
 
= Terminology =
Line 597: Line 578:
  
  
*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining.
+
*'''Flagship Project:''' The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.  
 +
 
  
  
Line 665: Line 647:
 
<font size=2pt>
 
<font size=2pt>
  
==Donate to OWASP Projects Division==
+
==Donate to OWASP Global Projects ==
 
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.
 
OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.
  
Line 678: Line 660:
  
  
==OWASP Project Sponsors==
 
  
'''Americas'''
 
*
 
 
'''Africa'''
 
*
 
 
'''Asia'''
 
*
 
 
'''Europe'''
 
*
 
 
'''Middle East'''
 
*
 
 
 
= PM Information  =
 
<font size=2pt>
 
 
==Samantha Groves: OWASP Projects Manager==
 
{| style="background-color: transparent"
 
|-
 
! width="200" align="center" | <br>
 
! width="1000" align="center" | <br>
 
|-
 
| align="center" | [[Image:Sam2.jpg|100px]]
 
| align="justify" |Samantha Groves is the Project Manager at OWASP. Samantha has led many projects in her career, some of which include website development, brand development, sustainability and socio-behavioral research projects, competitor analysis, event organization and management, volunteer engagement projects, staff recruitment and training, and marketing department organization and strategy implementation projects for a variety of commercial and not-for-profit organizations. She is eager to begin her work at OWASP and help the organization reach its project completion goals.
 
 
Samantha earned her MBA in International Management with a concentration in sustainability from Royal Holloway, University of London. She earned her Bachelor's degree majoring in Multimedia from The University of Advancing Technology in Mesa, Arizona, and she earned her Associate's degree from Scottsdale Community College in Scottsdale, Arizona. Additionally, Samantha recently attained her Prince2 (Foundation) project management certification.
 
 
Please see the [https://docs.google.com/a/owasp.org/document/d/1syHIiVA56KSR_T-enIMolMO6xSAZlWP86uvi_Ui8rPs/edit  Project Manager Role Description] for more information. Please visit the [http://samanthagrovesblog.blogspot.com/ OWASP Project Manager Blog] for more information.
 
|}
 
<br>
 
 
==Projects Reports==
 
 
'''2013'''
 
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-04-01 GPC Meeting: January 04 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-11-01 GPC Meeting: January 11 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-18-01 GPC Meeting: January 18 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-25-01 GPC Meeting: January 25 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-01-02 GPC Meeting: February 01 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-08-02 GPC Meeting: February 08 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-15-02 GPC Meeting: February 15 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-22-02 GPC Meeting: February 22 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-01-03  Project Manager Report: March 01 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-08-03  Project Manager Report: March 08 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-15-03  Project Manager Report: March 15 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-22-03  Project Manager Report: March 22 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-29-03  Project Manager Report: March 29 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-05-04  Project Manager Report: April 05 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-12-04  Project Manager Report: April 12 2013]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2013-19-04  Project Manager Report: April 19 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-26-04  Project Manager Report: April 26 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-03-05  Project Manager Report: May 03 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-10-05  Project Manager Report: May 10 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-17-05  Project Manager Report: May 17 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-24-05  Project Manager Report: May 24 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-31-05  Project Manager Report: May 31 2013]
 
*[https://www.owasp.org/index.php/Projects/Reports/2013-07-06  Project Manager Report: June 07 2013]
 
 
 
'''2012'''
 
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-24-08 GPC Meeting: August 24 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-07-09 GPC Meeting: September 07 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-14-09 GPC Meeting: September 14 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-21-09 GPC Meeting: September 21 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-28-09 GPC Meeting: September 28 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-05-10 GPC Meeting: October 05 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-12-10 GPC Meeting: October 12 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-19-10 GPC Meeting: October 19 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-09-11 GPC Meeting: November 09 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-16-11 GPC Meeting: November 16 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-30-11 GPC Meeting: November 30 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-07-12 GPC Meeting: December 07 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-14-12 GPC Meeting: December 14 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-21-12 GPC Meeting: December 21 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/GPC/Meetings/2012-27-12 GPC Meeting: December 27 2012 Project Manager Report]
 
 
 
==Board Meeting Reports==
 
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/August_13_2012 Board Meeting: August 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/September_10_2012 Board Meeting: September 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/October_08_2012 Board Meeting: October 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/November_12_2012 Board Meeting: November 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/December_10_2012 Board Meeting: December 2012 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/January_14_2013 Board Meeting: January 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/February_11_2013 Board Meeting: February 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/March_11_2013 Board Meeting: March 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/April_05_2013 Board Meeting: April 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/May_13_2013 Board Meeting: May 2013 Project Manager Report]
 
*[https://www.owasp.org/index.php/OWASP_Project_Manager_Activity_Reports/June_10_2013 Board Meeting: June 2013 Project Manager Report]
 
 
 
==Project Funds==
 
 
* [https://docs.google.com/a/owasp.org/spreadsheet/pub?hl=en_US&hl=en_US&key=0Atu4kyR3ljftdEdQWTczbUxoMUFnWmlTODZ2ZFZvaXc&output=html Chapter and Individual Project Funds]
 
* [https://www.owasp.org/index.php/Projects_Reboot_2012 Project Reboot 2012 Information]
 
* [https://www.owasp.org/images/a/ae/Project_Funds-Q1_2013.pdf Q1 2013: Funds Allocated to Projects]
 
 
 
==Project Grants==
 
 
* [https://docs.google.com/document/d/1MA3TI5ssclxvheV8At_ffu2Fuic55SDpOokS3AOvBUc/edit?usp=sharing OWASP Guidebooks Proposal]: This proposal as been completed and awarded.
 
** [https://www.owasp.org/images/1/18/Development_Guide_Project_Gantt.pdf OWASP Development Guide Plan]
 
** [https://www.owasp.org/images/e/e9/Testing_Guide_Project_Gantt.pdf OWASP Testing Guide Plan]
 
** [https://www.owasp.org/images/d/da/Code_Review_Project_Gantt.pdf OWASP Code Review Guide Plan]
 
* [https://docs.google.com/document/d/16ZFXaML8C7aDAZdyTMDDg4BzLr1vUTOz9eqmYE8ZW8U/edit?usp=sharing OWASP ESAPI Grant Proposal]: This proposal has been completed and submitted.
 
* [https://docs.google.com/document/d/1dBTaRr-yl8wGhGKxacWACznZhCZnJ_sZeAdN-b2xPlw/edit?usp=sharing OWASP ModSecurity CRS Proposal]: This proposal has been completed and submitted.
 
* Google Grants Proposal]: This proposal has been completed and awarded.
 
* European Commission Grant Proposal: This proposal has been completed and submitted.
 
 
 
==Project Presentations==
 
 
* [https://www.owasp.org/images/f/fb/OWASP_GLOBAL_PROJECTS.pdf OWASP Projects Presentation: Phoenix Chapter Talk]
 
* [https://www.owasp.org/images/b/bb/OWASP_Projects_Webinar.pdf OWASP Projects Webinar]
 
* [https://www.owasp.org/images/1/19/OWASP_PROJECTS_SOLUTIONS.pdf OWASP Project Infrastructure: Solutions]
 
 
 
 
==Projects Manger's Quarterly Strategic Objectives==
 
 
'''Goals and Objectives: 2013 Q2'''
 
#Identify and target 5-7 specific grants to pursue for 2013.
 
#Develop Brand Usage Guidelines for Projects.
 
#Need for consistent documentation of guidelines (similar to How To Host a Conference) that can apply to various events and venues.
 
#Volunteer Management - identification of skills and supervision required to engage volunteers productively.
 
 
*'''Ongoing Objectives for 2013'''
 
**Work with Project leaders to reach grant required milestones - ONGOING
 
**Develop a project charter outlining appropriate grant revenue spending and grant required milestones. - DUE IN SEPTEMBER - ONGOING
 
**Oversight of Marketing and Graphic Design deliverables (Phase 2/Phase 3) provided by 3rd party contractor
 
 
 
==Contact the Projects Manager==
 
 
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the [http://owasp4.owasp.org/contactus.html OWASP Projects Manager, Samantha Groves].
 
</font>
 
 
 
 
 
= Contact US  =
 
= Contact US  =
 
<font size=2pt>
 
<font size=2pt>
  
==OWASP Representation==
+
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to [http://owasp4.owasp.org/contactus.html Contact Us].
* [[User:Samantha Groves|Samantha Groves]]: OWASP Projects Manager
+
 
+
 
+
If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to contact the [http://owasp4.owasp.org/contactus.html OWASP Projects Manager, Samantha Groves].
+
 
</font>
 
</font>
  
  
 
<headertabs />
 
<headertabs />

Latest revision as of 15:37, 1 September 2015



OWASP Project Header.jpg
[edit]

Welcome to the OWASP Global Projects Page

An OWASP project is a collection of related tasks that have a defined roadmap and team members. OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. OWASP currently has over 142 active projects, and new project applications are submitted every week.

This is one of the most popular divisions of OWASP as it gives members an opportunity to freely test theories and ideas with the professional advice and support of the OWASP community. Every project has an associated mail list. You can view all the lists, examine their archives, and subscribe to any project by visiting the OWASP Project Mailing Lists page. A summary of recent project announcements is available on the OWASP Updates page.

Download the OWASP Project Handbook 2014

OWASP Project Handbook Wiki 2014

Download the OWASP Projects Handbook 2013

Project Online Resources

Who Should Start an OWASP Project?

  • Application Developers.
  • Software Architects.
  • Information Security Authors.
  • Those who would like the support of a world wide professional community to develop or test an idea.
  • Anyone wishing to take advantage of the professional body of knowledge OWASP has to offer.

Contact Us

If you have any questions, please do not hesitate to Contact Us by using the form provided here. Please allow five working days for your question or comment to be answered. This is due to the large amount of queries the foundation staff receive every day. We thank you for your patience.


Fund Details

OWASP Project Inventory

All OWASP tools, document, and code library projects are organized into the following categories:

  • Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.
  • Lab Projects: OWASP Labs projects represent projects that have produced an OWASP reviewed deliverable of value.
  • Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway.

Social Media

We recommend using the links below to find our official OWASP social media channels. These are a great way to keep in touch with the different initiatives going on at OWASP throughout the world. They are all updated regularly by chapter leaders, project leaders, the OWASP Board Members, and our OWASP Staff. If you have any questions or concerns about any of these accounts, please drop us a line using our "Contact Us" form found above.

Blogger-32x32.png Twitter-32x32.png Facebook-32x32.png Linkedin-32x32.png Google-32x32.png Ning-32x32.png


New initiatives.png


Donate here banner.png

Quick Guide to Projects

Quick Guide for Developers

This is a Quick Guide for Developers new to OWASP projects:

Infographic containing Hyperlinks to projects: https://magic.piktochart.com/output/6400107-untitled-infographic

Downloadable Images: File:Owasp Dev Guide.pdf

Flagship Projects

Flagship banner.jpg

The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole. After a major review process [More info here] the following projects are considered to be flagship candidate projects. These project have been evaluated more deeply to confirm their flagship status:

Tools [Reviewed September 2014]

Code [Reviewed November 2014]

Documentation[Reviewed February 2015] in progress

Labs Projects

Lab banner.jpg

OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.

Thumbs up

Thumbs up are given to LAB projects showing a steady progress in their development, had very active and continuous releases and commits, regular update of information on their wiki page and have quite complete documentation. These projects are almost ready to become flagship

Tools [Reviewed February 2015]

Documentation [In Progress-Results by February/March 2015]

Contests

Code [Reviewed February 2015]

Low Activity (LABS)[Reviewed July 2015]

Low activity.jpg

These projects had no releases in at least a year, however have shown to be valuable tools Code [Low Activity]

Tools

Documentation [Low Activity]

Incubator Projects

Incubator banner.jpg

OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.

Thumbs up

Thumbs up are given to incubator projects showing a steady progress in their development, had continuous releases and commits or have delivered a complete product, including open source repository location, basic user guidelines and documentation


Code [Reviewed March 2015]

Code: Low Activity

Research

Tools [Reviewed last: May 2015]

Documentation[Review: May 2015]

Educational Initiatives

Donated Projects

OWASP Donated Projects are inactive projects that have been donated to the OWASP Projects Infrastructure.

Tools

OWASP Archived Projects

OWASP Archived Projects are projects that have developed outside OWASP umbrella or have become inactive. If you are interested in pursuing any of the inactive projects (click hyperlink for list), please contact us and let us know of your interest.

https://www.owasp.org/index.php/Category:OWASP_Project_Archived_Projects

OWASP Project Task Force

This task force is focused on OWASP Projects with a first focus on cleaning up the OWASP incubator list

Current To-do list

Tracking of current stuff is done temporary here as we plan to use Jira in the long run.

To-do list: Future Tasks

  • Gather support and funding to have 1 large OWASP Summit.
  • Design a more sustainable revenue stream using the Project’s IP.
  • Identify & promote cross-project collaboration to move clusters of projects forward, with e.g. work groups that work on a certain domain.
  • Start a task force of people with spare cycles that can help projects that need extra man-power of are falling behind in delivery of new releases (especially the flag ship projects).

Completed Tasks

Failed Tasks

Execution Power

This task force exists on the assumption that it has a mandate from the OWASP leaders to act on behalf of the OWASP community on what is best for OWASP Projects. We are in the process of submitting a Committee Proposal for Project reviews

If somebody (namely an OWASP Leader or Board member) disagree with any of the decisions made, he/she has two options:

  • join this Task Force/Committe
  • create another equivalent 'OWASP Projects group' and do a better job there

note that Committee 2.0 will change this as this task force might converge to a new Committee or fall under one if needed

Current Members

  • Johanna Curiel
  • Timo Goosen
  • Minur Mijur
  • Abbas Naderi
  • Claudia Aviles Casanovas - OWASP Project Coordinator (Staff)

OWASP Projects Task Force (Concept)

This is a new type of OWASP initiative, focused on 'getting things done', the concept is still evolving but here are the current (in draft) guiding principles:

  1. this 'task force is an invitation-only group' (to join the task force, requests should be made directly with existing task force members)
  2. all existing members have VETO power, and it is assumed that all decisions are backed up with all existing members
  3. only existing members can send the invitations
  4. there is a 1 month minimum activity required (or the member is temporarily out).
  5. invitations are automatically approved in 24h
  6. existing members can VETO new members (and existing members can be kickout by majority)
  7. there an one special member who has veto power the responsibility to enforce the 'one month contribution MIA scenario' (i.e. to kick out the 'non contributing members')
  8. all communication MUST be made (as much as practically possible) under public mediums: Wiki, public mailings, public Hangout sessions
  9. there are NO decisions made BEHIND closed doors, or without a solid digital (hyperlinkable) trail

Discussions

Google Group You must be logged in your OWASP Google App account to view and post to the group.

Project Online Resources

This page is for OWASP project leaders and details some of the online services that have been found to be useful for OWASP projects.

How to Run a Successful Open Source Project

http://www2.econ.iastate.edu/tesfatsi/ProducingOSS.KarlFogel2005.pdf

Openhub (formerly known as Ohloh)

OWASP is a registered Organisation on Openduck, a free, public directory of Free and Open Source Software and the contributors who create and maintain it.

If you manage an OWASP project you should:

  • Register yourself on Openhub
  • Make sure your project is registered on Openduck- you can add it yourself if it is not
  • Register yourself as the manager
  • Check that the settings are correct, especially the repositories
  • Make sure it belongs to the OWASP organisation - Contact OWASP or Simon Bennetts if it is not
  • Claim all of your contributions to open source projects
  • Consider including Openhub Widgets on your project homepage or wiki
  • Help other OWASP projects by flagging and rating the ones you use

Other Free Services

These are all free to open source projects.

Other Paid For Services

TBA


So you want to start a project...

Starting an OWASP project is quite easy, and your desire to contribute and make it happen is essential.

HowToStartProjectoWasp.png

Here are some of the guidelines for running a successful OWASP project:

-Start exploring the actual OWASP projects Inventory. Many projects handle specific areas of security it is a good idea to start looking how other successful projects do this (LABS/Flagship)

-Place your idea or project on the Project Ideas Board.This phase will help you to define the project goals and also explore and exchange with other OWASP leaders and volunteers how to develop the idea into a tangible project

-Explore and research if your idea covers a unique segment in the Security arena.Think of your project as a product, if you really want people using it, think how this project will cover a necessity in the security area you are working on

-Define what kind of project you would like to start. Is it a code, tool or documentation?

-Communicate through the Project leader mailing list about your idea and get feedback and meet potential contributors

-Develop your project based on the type of project. For example if you are willing to start a documentation project, begin by defining a Table of Content and work it through with potential contributors. First of all begin by creating a Road-map for your project. This is essential to submit your project. We highly recommend to read documentation such as "How to start /run a successful Open Source Projects".

RoadmapIncubatorProjectExample2.PNG

Some recommendations on how to start a documentation project [Document Guide Project]

Importance of a well thought out Road-map

Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.


"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers." Extracted from : "[10 Tips for Creating an Agile Product Roadmap]"

  • Start defining a development, documentation and marketing plan for your project. Set short , medium and long term plans. Include promotion of your project, this is very important in order to engage users and consumers of your project. Contact project coordinator and the Project Task Force to help you achieve this goal. You can run a single person project, but it's usually best to get the community involved. You should be prepared to support a mailing list, build a team, speak at conferences, and promote your project.
  • You can contribute existing documents or tools to OWASP! Assuming you have the intellectual property rights to a work, you can open it to the world as an OWASP Project. Please coordinate this with OWASP by contacting owasp(at)owasp.org.
  • Available Grants to consider if you need funding - Click Here
  • You should promote your project through the OWASP channels as well as by outside means. Get people to blog about it!

Creating a new project

Once you have passed the Project Ideas phase, then you will be ready to start a new project To Submit your project please use the following form . Please submit a new project application here.


  • You will need to gather the following information together for your application:

A - PROJECT

  1. Project Name,
  2. Project purpose / overview,
  3. Project Roadmap,
  4. Project links (if any) to external sites,
  5. [[Guidelines_for_OWASP_Projects#Project_Licensing|Project License],]
  6. Project Leader name,
  7. Project Leader email address,
  8. Project Leader wiki account - the username (you'll need this to edit the wiki),
  9. Project Contributor(s) (if any) - name email and wiki account (if any),
  10. Project Main Links (if any).
  11. For Documentation: A table of Contents
  12. For Code: A prototype hosted in an open source repository of your choice. Make sure it has read access.

OWASP Recommended Licenses

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
ToolProject
(Non-WebBased)
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
(WebBased)
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)


Funding your Project

An OWASP project does not receive any funding for development at project inception; however, a new project does have the opportunity to submit a request to receive funds if they are available for the year. Additionally, project leaders have the option of seeking sponsorship from outside organizations, but project leaders are required to seek funding through their own initiative. Please contact the OWASP Projects Manager for more information.

Project Release

As your project reaches a point that you'd like OWASP to assist in its promotion, the will need the following information to help spread the word about your project:

  1. Short 5 sentence paragraph outlining what your project is about, what you hope to accomplish with your project, what value your project brings to software security, and contributor and project leader names and contact information.
  2. Link to your wiki page.
  3. Link to your code repository or a link to where readers can download your project.
  4. Latest Release description answering the following questions: What is it?, What does it do?, Where can I get it?, Who should I contact if something goes wrong?.

Project Process Forms

These forms were created to help project leaders, and those interested in a going through a process in the OWASP projects infrastructure. They facilitate the management of each query based on the specific task an applicant will need help with. The forms are described below, and they are linked with their designated online application form.

  • Project Transition Application:The OWASP project transition form gives current project leaders an easy way of handing over project administration information to individuals wishing to take over a project.
  • Project Review Application:This form is for current project leaders to request a review of their project based on OWASP graduation criteria. The aim is to designate an OWASP volunteer to review these projects within 3 months time.
  • Project Donation Application:This form is for projects outside of the OWASP project infrastructure. Project Leaders for these open source projects can choose to partner or give their project to OWASP directly through this form.
  • Project Abandonment Request:The OWASP project abandonment form gives current project leaders an easy way of letting the OWASP Foundation know that they wish to resign their project leader duties. This form should be used when no replacement project leader exists to take over these duties.

OWASP Project Lifecycle

The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state. The greater the maturity of the project, the greater the level of responsibility for the project leader. These responsibilities are not trivial as OWASP provides incentives and benefits (Section 7) for projects who take on these added responsibilities.


The OWASP Project Lifecycle is broken down into the following stages:

Incubator Projects: OWASP Incubator projects represent the experimental playground where projects are still being designed, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity; moreover, the label allows project leaders to leverage the OWASP name while their project is still maturing. OWASP Incubator projects are given a place on the OWASP Projects Portal to leverage the organizations' infrastructure, and establish their presence and project history.

Lab Projects: OWASP Labs projects represent projects that have produced a deliverable of significant value. Leaders of OWASP Labs projects are expected to stand behind the quality of their projects as these projects have matured to the point where they are accepted by a significant portion of the OWASP community. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are ready for mainstream usage. OWASP Labs Projects are meant to be the collection of established projects that have gained community support and acclaim by undergoing the project review process.

Flagship Projects: The OWASP Flagship designation is given to projects that have demonstrated superior maturity, established quality, and strategic value to OWASP and application security as a whole. Eligible projects are selected from the OWASP Labs project pool. This selection process generally ensures that there is only one project of each type covering any particular security space. OWASP Flagship projects represent projects that are not only mature, but are also projects that OWASP as an organization provides direct support to maintaining. The core mission of OWASP is to make application security visible and so as an organization, OWASP has a vested interest in the success of its Flagship projects. Since Flagship projects have such high visibility, these projects are expected to uphold the most stringent requirements of all OWASP Projects.

Code Projects: OWASP code projects are very important for the cyber security solutions. Because these projects are used to find out the application security problems and try to solve those problems.

OWASP Project Stage Benefits

This section outlines the benefits of starting an OWASP project, and the benefits of being at each different stage in the projects lifecycle. In my short time here at OWASP as the PM, I have had several potential project leaders ask me what the benefits are of starting their project with OWASP. Below is my proposal for each Stage’s benefits.

Incubator

  • Financial Donation Management Assistance
  • Project Review Support
  • WASPY Awards Nominations
  • OWASP OSS and OPT Participation
  • Opportunity to submit proposal: $500 for Development.
  • Community Engagement and Support
  • Recognition and visibility of being associated with the OWASP Brand.

Labs

  • All benefits given to Incubator Projects
  • Technical Writing Support
  • Graphic Design Support
  • Project Promotion Support
  • OWASP OSS and OPT: Preference

Flagship

  • All benefits given to Incubator & Labs Projects
  • Grant finding and proposal writing help
  • Yearly marketing plan development
  • OWASP OSS and OPT participation preference

For more detailed information on OWASP Project Stage Benefits, please see the 2013 Project Handbook.

Project Monitoring Incubator/Documentation

Every 6 months, a project monitoring assessment takes place to evaluate if projects had any releases during this period.A warning will be sent to projects without any activity in 90 days and after 180 days, the project will be set automatically as inactive. You can set your project active at any time, as long as:

  • There has been commits to the project's open repository or
  • There has been a beta release of the documentation produced so far or
  • Provide a detailed Roadmap

Importance of a well thought out Roadmap

Many Incubator project leaders struggle with creating a realistic planning, which should be based on their available resources and time. A well thought out plan makes a difference between a procrastinating project and a successful one. The important aspect of this is, that the project leader is able to create a plan based on his situation. The following is an example of a Roadmap, which has focused to produce a Documentation first release in a year and a basic outline how they plan to cover 4 essential aspects which are Research & Development, Marketing, Planning and Goals.


RoadmapIncubatorProjectExample2.PNG

"Your [project] roadmap should tell a coherent story about the likely growth of your product. Each release should build on the previous one and move you closer towards your vision. Your roadmap should be convincing and realistic: Don’t speculate or oversell your [project]. Be clear who your audience is: An internal roadmap talks to development, marketing, sales, service, and the other groups involved in making your [project] a success; and external one talks to existing and prospective customers." Extracted from : "[10 Tips for Creating an Agile Product Roadmap]"

Project Monitoring for LABS/Flagship

These project represent the best OWASP has to offer, therefore monitoring of these projects is closely supervised.

For Code and Tools

For projects holding Flagship status, we closely monitor their health every 6 months on the following, among other key indicators:

  • Can the project be built correctly?
  • Does the project has any activity(commits) in the last 6 months?
  • Does the project had any releases in the last 6 months?
  • Has the project leaders updated his wiki or website to reflect latest releases?

For Documentation

For this part, we are working on the development of an adequate assessment criteria The following is a draft of the new process proposal: [Proposal for Reviewing OWASP Document projects]

OWASP Project Graduation

The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

The review centers around the following core questions. Each core question has three (3) specific questions made up of binary queries. A project must receive at least two (2) positive responses from each reviewer in two of the binary questions, to warrant a postive response for the core question. Each core question must receive a positive response from both project reviewers to pass the Project Health Assessment for Incubator Projects.

OWASP Project Health Assessment

The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation for projects going from Incubator to LAB and from LAB to Flagship. The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document. If a project passes the assessment, it then becomes eligible to graduate into the OWASP Labs Project stage. In order to be considered for OWASP Labs, an Incubator project must have submitted an OWASP reviewed deliverable, and obtained at least two (2) positive responses for each of the core criteria project health questions.

OWASP Project Deliverable/Release Assessment

The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.

Reviews must be performed by two (2) OWASP Chapter or Project Leaders, and their review must answer affirmatively to at least the first two (2) core Project Deliverable/Release Review questions. A project must pass the OWASP Project Deliverable/Release Assessment in order to graduate into the OWASP Labs Project stage.


The Brand Usage Rules

See OWASP's The Brand Usage Rules for details.

Project Icons & Templates

See OWASP'S Project Icons & Templates for details.

(Following links and images are provided for a quick overview only, the primary page is Project Icons & Templates).

If you require more assistance with these files and/or templates, please contact the OWASP staff for assistance

OWASP Operational Wiki Template

OWASP Example Template: DO NOT EDIT

Owasp logo

Owasp logo Owasp logo 1c

Owasp logo Owasp logo Owasp logo Owasp logo

Owasp logo rev icon Owasp logo flat Owasp logo icon

OpenSAMM

OpenSAMM Icons

Construction:

Construction black Construction blue construction olive

Deployment:

Deployment black Deployment blue Deployment olive

Governance:

governance black governance blue governance olive

Verification:

Verification black verification blue Verification olive

Book Cover Files

See OWASP's Project Icons & Templates for details.

Lulu Guide

Download the Book Cover Zip File



BookImage 01.jpg

OWASP Project Infrastructure

  • OWASP Project Lifecycle: The OWASP Projects Lifecycle represents a balance between keeping a very loose structure around OWASP projects, and ensuring that OWASP consumers are not confused about a project’s maturity and quality. The lifecycle stage allows consumers to easily identify mature projects, and projects that are proofs of concept, experimental, and classified as prototypes in their current state.


  • Incubator Project: OWASP Incubator projects represent the experimental playground where projects are still being fleshed out, ideas are still being proven, and development is still underway. The “OWASP Incubator” label allows OWASP consumers to readily identify a project’s maturity. The label also allows project leaders to leverage the OWASP name while their project is still maturing.


  • Labs Project: OWASP Labs projects represent projects that have produced a deliverable of value. While these projects are typically not production ready, the OWASP community expects that an OWASP Labs project leader is producing releases that are at least ready for mainstream usage.


  • Flagship Project: The OWASP Flagship designation is given to projects that have demonstrated strategic value to OWASP and application security as a whole.


  • Project Benefits: The standard list of resources and incentives made available to project leaders based on their project's current maturity level.


OWASP Project Reviews

  • Project Reviews: Project reviews are the method OWASP uses to establish a minimal baseline of project characteristics and release quality. Reviews are not mandatory, but they are necessary if a project leader wishes to graduate to the next level of maturity within the OWASP Global Projects infrastructure. Projects can be reviewed when an Incubator project wishes to graduate into the OWASP Labs designation, and project releases can be reviewed if they want the quality of their deliverable to be vouched for by OWASP.


  • Project Reviewer Pool: The project reviewer pool is made up of veteran reviewers who have proven themselves dedicated to executing quality reviews of projects.


  • Project Graduation: The Project Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


  • Project Health Assessment: The Project Health Assessment is an optional process undertaken at the request of a project leader when he/she applies for Project Graduation The purpose of this assessment is to determine whether a project meets the minimum criteria of an OWASP Project outlined in the Project Health Assessment Criteria Document.


  • Project Release: A project release refers to the final deliverable a project produces. It is the final product of the project.


  • Project Deliverable/Release Review: The Project Deliverable/Release Review is an optional process undertaken at the request of a project leader using the Project Deliverable Review Form. The purpose of this process is to review a project’s progress, and to make sure the project is heading in the right direction based on the roadmap they provided at project inception.


OWASP Projects Processes

  • Project Processes: The set of streamlined processes that exist to help projects move smoothly through the OWASP Project Lifecycle.


  • Project Inception Process: The Project Inception Process is how a brand new idea becomes an OWASP Project. Such projects are labeled as OWASP Incubator projects. The process involves submitting the proposed project name, project leader information, project description, project roadmap, and selecting an appropriate open-source license for the project using the New Project Form on the Projects Portal.


  • Project Donation Process: The Project Donation Process is used for a project that has an existing functional release, but is not currently associated with OWASP. This process is the primary mechanism by which individuals or organizations can transfer the ownership of their project’s copyright to OWASP.


  • Project Transition Process: The Project Transition Process is used to transition leadership of a project to a new project leader. This is a simple automated process to transfer the relevant accounts, mailing lists, and other project resources to the new project leader.


  • Project Abandonment Process: The Project Abandonment Process was put in place for those occasions in which a project leader is no longer able to manage their project, and has not been able to find a suitable replacement for the leader role. Project Abandonment can also occur when the project leader feels his/her project has become obsolete. Under these circumstances, the acting project leader is encourage do submit the Project Abandonment Form found in the Projects Portal.


  • Incubator Graduation Process: The Incubator Graduation Process is an optional process undertaken at the request of a project leader using the Incubator Graduation Form. The purpose of this process is to move a project from the OWASP Incubator into the OWASP Labs.


Projects at Conferences

  • AppSec Conferences: OWASP AppSec conferences bring together industry, government, security researchers, and practitioners to discuss the state of the art in application security. This series was launched in the United States in 2004 and Europe in 2005. Global AppSec conferences are held annually in North America, Latin America, Europe, and Asia Pacific.


  • Open Source Showcase: The Open Source Showcase is an OWASP AppSec Conference event module designed to give Open Source project leaders the opportunity to demo their projects.


  • OWASP Project Track: The OWASP Project Track is an OWASP AppSec Conference event module designed to give OWASP Project leaders the opportunity to showcase their projects as an official conference presenter.


OWASP Projects General

  • OWASP Code of Ethics: The OWASP Code of Ethics are the set of guidelines and principles that the OWASP Foundation expects all of its members and conference attendees to abide by. A copy of the Code of Ethics can be found here in the OWASP About page.


OWASP Projects, a global division of the OWASP Foundation, is run under the same world wide not-for-profit charitable status as all the foundation strategic groups. OWASP provides a platform for contributors to share their work while providing them with the project and community support they need throughout their project development. All OWASP Projects are run by volunteers and they rely on personal donations and sponsorship to continue their development. Donate to OWASP Projects, and we promise to spend your money wisely on open source initiatives.

This is how your money can help:

  • $20 could help us spread the word on the importance of open source initiatives in the Application Security industry.
  • $100 could help fund OWASP project demos at major conferences.
  • $250 could help get our volunteer Project Leaders to speaking engagements.


Donate Button.jpg


If you need any help with anything projects related, or if you simply need some more information, please do not hesitate to Contact Us.


Subcategories

This category has the following 143 subcategories, out of 143 total.

 

A

B

C

D

E

F

F cont.

G

H

I

J

L

M

N

O

O cont.

P

R

S

T

V

W

X

Y

Pages in category "OWASP Project"

The following 200 pages are in this category, out of 334 total.

(previous 200) (next 200)

 

A

B

C

D

E

F

G

H

I

J

K

M

M cont.

N

O

O cont.

(previous 200) (next 200)