Classic ASP Security Project

From OWASP
Revision as of 18:16, 7 August 2008 by Jcmax (Talk | contribs)

Jump to: navigation, search

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.


PROJECT IDENTIFICATION
Project Name OWASP Classic ASP Security Project
Short Project Description This project aims to create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. More specifically:
  • Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide .
  • Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks.
  • Addition of expression for Code Review Tool to support Classic ASP applications.
  • Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.
  • This same module will compliment the OWASP Validation Documentation Project.
Project key Information Project Leader
Juan Carlos Calderon
Project Contributors
(if any)
Mailing list
Subscribe here
Use here
License
Creative Commons Attribution Share Alike 3.0
Project Type
Tool
Sponsors
OWASP SoC 08
Release Status Main Links Related Projects

Alpha Quality
Please see here for complete information.

OWASP Classic ASP ESAPI ZIP
OWASP Classic ASP Default.asp ZIP
OWASP Classic ASP ESAPI - Google Code Repository
StingerASP1.0.zip
OWASP Stinger 1.0 for Classic ASP - Google Code Repository

OWASP Enterprise Security API
OWASP Stinger Version 1.0



Overview

Classic ASP 2.0 and 3.0 applications are still largely used as this technology is more than 10 years old and was largely used. there are thousands of sites on the wild that need guidance on the security arena. This is where OWASP can come up and provide help for “making the Web a better place” and continue spreading the word on security. I have always be a passionate of the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really exited on the idea of sharing my knowledge of this area to the world and what best that though OWASP.

Objectives

Create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries.

Deliverables and Progress

ActivityStatus
  • Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide.
In Progress - 50%
  • Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks
Done - Jun 8, 2008
  • Addition of expression for Code Review Tool to support Classic ASP applications
Done - Jun 12, 2008
  • Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.
Done - Aug 3rd, 2008
  • This same module will compliment the OWASP Validation Documentation Project.
Done - Aug 7th, 2008