Difference between revisions of "Category:OWASP Web Application Security Put Into Practice"

From OWASP
(New page: == About == This project is about web application security put into practice, because I understand that clear examples in the specific programming language and best practices with explana...)
 
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
{{OWASP Book|1412042}}
 +
 +
 
== About ==
 
== About ==
  
Line 16: Line 19:
 
* Apache Guide (done)
 
* Apache Guide (done)
 
* MySQL Guide (done)
 
* MySQL Guide (done)
* Ruby On Rails Guide (on the way)
+
* Ruby On Rails Guide (done)
  
 
== Resources ==
 
== Resources ==
 +
* The final output [http://www.owasp.org/index.php/Image:Owasp-rails-security.pdf]
 
* The Ruby on Rails Security project [http://www.rorsecurity.info/]
 
* The Ruby on Rails Security project [http://www.rorsecurity.info/]

Latest revision as of 07:08, 23 November 2008

This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.


About

This project is about web application security put into practice, because I understand that clear examples in the specific programming language and best practices with explanation educate the best.

The Ruby on Rails Security project [1] started this year and is the only security initiative for Ruby on Rails. Ruby is the fastest growing level A programming language, according to the Tiobe programming community index [2], partly because of its advertised simplicity. This is dangerous, as programmers could be enticed to do cargo cult programming [3] without knowing the security impacts. I found several security holes in popular modules, and even the Rails framework itself generates potentially insecure code. Nevertheless, Rails provides good means against many of the OWASP Top Ten security flaws, but I believe these means have to be popularized much more.

Objectives

  • Create a security guide to the most popular web server software, Apache
  • Create a security guide to the popular database software, MySQL
  • Ruby on Rails security guide and code examples for each of the OWASP Top Ten

Spring Of Code 007

This project was selected for the Spring of Code 007 [4].

Progress

  • Apache Guide (done)
  • MySQL Guide (done)
  • Ruby On Rails Guide (done)

Resources

  • The final output [5]
  • The Ruby on Rails Security project [6]
