Difference between revisions of "Classic ASP Security Project"

From OWASP
(Initial Version)
 

Revision as of 19:41, 7 June 2008

Overview

Classic ASP 2.0 and 3.0 applications are still widely used, as this technology is more than 10 years old and was widely deployed. There are thousands of sites in the wild that need guidance in the security arena. This is where OWASP can come in and provide help for “making the Web a better place” and continue spreading the word on security. I have always been passionate about the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really excited about the idea of sharing my knowledge of this area with the world, and what better way than through OWASP.

Objectives and Deliverables

Create a secure framework for Classic ASP applications by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. More specifically:

  • Creation of a Common Object Repository for ASP applications based on the OWASP ESAPI Project, including objects and/or references to libraries for security applications, all aligned with the OWASP Top 10 and the OWASP Guide.
  • Addition of expressions for the Code Review Tool to support Classic ASP applications.
  • Implementation of Version 1 of Stinger for ASP, either by using an installable COM library or ISAPI.
  • This same module will complement the OWASP Validation Documentation Project.

Progress

  • Creation of a Common Object Repository for ASP applications based on the OWASP ESAPI Project, including objects and/or references to libraries for security applications, all aligned with the OWASP Top 10 and the OWASP Guide. In progress.
  • Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks. Done Jul 07, 2008.