Difference between revisions of "OWASP ASIDE Project"

From OWASP
(24 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
==== Main  ====
 
==== Main  ====
  
This project is led by [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]] & [[User: Bill Chu|Bill Chu]]. Other major contributors include [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br>
+
This project is led by [[http://www.linkedin.com/in/junzhu1 Jun Zhu]] and [[User: Bill Chu|Bill Chu]]. Other major contributors include [[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], [[User:John Melton|John Melton]] & [[User: Will Stranathan|Will Stranathan]].<br/>
 +
<br/>
 +
We have presented our talk [http://vimeo.com/54121249 Using Interactive Static Analysis for Early Detection of Software Vulnerabilities] at [http://www.appsecusa.org/ AppSec USA 2012]. You can view and download our [http://webpages.uncc.edu/~jzhu16/InteractiveStaticAnalysis.pdf presentation] here.
 +
<br/>
 +
We have presented our talk [http://vimeo.com/32657812 Secure Programming Support in IDE] at [http://d5srjexdxko0l.cloudfront.net/ AppSec USA 2011] in Minneapolis. You can view and download our [http://webpages.uncc.edu/~jxie2/ASIDE.pdf presentation] here.
  
We have presented our talk [http://www.appsecusa.org/talks.html#ide Secure Programming Support in IDE] at [http://www.appsecusa.org/ AppSec USA 2011] in Minneapolis.
 
 
You can view and download our presentation [http://webpages.uncc.edu/~jxie2/ASIDE.pdf here].
 
  
 
==== Project About ====
 
==== Project About ====
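Review bot: the replacement project-lead line wraps two external links in double square brackets, `[[http://www.linkedin.com/in/junzhu1 Jun Zhu]]` and `[[http://www.linkedin.com/pub/jing-xie/45/890/a1a Jing Xie]]`; MediaWiki reserves `[[...]]` for internal links, so the rendered revision shows the names with literal brackets as "[Jun Zhu]" and "[Jing Xie]". Use single brackets, as the Heather Richter Lipford link on the same line already does. The `<br>` to `<br/>` change is fine.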
Line 12: Line 13:
 
==== Take a Look ====
 
==== Take a Look ====
  
ASIDE is still under development. But in order to give you a sense of what it should be doing, we have this [http://webpages.uncc.edu/~jxie2/aside.swf ASIDE DEMO]. You will need Adobe Flash to display it.
+
ASIDE currently has two prototype implementations: [http://www.youtube.com/watch?v=VjzlpccMjTM ASIDE CodeRefactoring] and [http://www.youtube.com/watch?v=hyAO8WztiMc ASIDE CodeAnnotate].
 +
 
 +
CodeRefactoring is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation.
 +
 
 +
CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code.
 +
 
 +
An older version of [http://webpages.uncc.edu/~jxie2/aside_old.swf ASIDE DEMO] shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.
  
 
==== Download ====
 
==== Download ====
  
The first publicly available ASIDE can be downloaded [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside_0.0.1.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jxie2/edu.uncc.sis.aside.logging_0.0.1.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.
+
The recent publicly available [New version is coming out, will update soon] can be downloaded now. You also need to download the complementary [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside.logging_1.0.0.201210181942.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.
  
 
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.
 
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.
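Review bot: the rewritten Download paragraph drops the link to edu.uncc.sis.aside_0.0.1.jar and puts the placeholder "[New version is coming out, will update soon]" in its place, so the sentence "The recent publicly available [...] can be downloaded now" no longer names or links anything, while the following paragraph still tells readers to install "the two jar files". Either keep the 0.0.1 jar link until the new build is posted or state plainly that only the logging jar is available for now. Minor: in the CodeRefactoring paragraph, "untrusted inputs get in to the application and be consumed without validation" should read "untrusted input that enters the application and is consumed without validation".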
Line 22: Line 29:
 
==== Source Code ====
 
==== Source Code ====
  
The source code is located at https://github.com/Jing-Xie/owasp-aside
+
A recent version of the code is located at [new version is coming out, will be uploaded soon]. An older version could be found at https://github.com/Jing-Xie/owasp-aside.
  
 
==== Research Activities ====
 
==== Research Activities ====
  
1. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], To appear at ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA
 
  
2. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA
+
1. [[User:Jun Zhu|Jun Zhu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jzhu16/SIGCSE12-Zhu.pdf Interactive Support for Secure Programming Education], To appear In Proceedings of ACM Technical
 +
Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA
 +
 
 +
2. [[User:Jing Xie|Jing Xie]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-CHI2012.pdf Evaluating Interactive Support for Secure Programming], In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA
 +
 
 +
3. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:John Melton|John T. Melton]], [http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=62&type=2 ASIDE:IDE Support for Web Application Security], In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA
  
3. [[User:Jing Xie|Jing Xie]],  [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA
+
4. [[User:Jing Xie|Jing Xie]],  [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford], and [[User:Bill Chu|Bill Chu]], [http://webpages.uncc.edu/~jxie2/XIE-VLHCC2011.pdf Why do programmers make security errors?], In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA
  
4. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain
+
5. [[User:Jing Xie|Jing Xie]], [[User:Bill Chu|Bill Chu]], and [http://hci.sis.uncc.edu:8080/richter Heather Richter Lipford] [http://www.arc.uncc.edu/pubs/essos2011.pdf Interactive Support for Secure Software Development], In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain
  
  
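Review bot: the Source Code paragraph has the same gap as the Download section: the GitHub URL is demoted to "an older version" and the new location is the placeholder "[new version is coming out, will be uploaded soon]", leaving no working link for the current code; keep https://github.com/Jing-Xie/owasp-aside as the primary link until the new repository exists. Also, the new SIGCSE entry is split across two `+` lines ("...In Proceedings of ACM Technical" / "Symposium on Computer Science Education..."); MediaWiki joins a single newline so it renders correctly, but keeping the citation on one line matches the other entries and avoids an accidental paragraph break if a blank line is inserted later.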

Revision as of 18:45, 4 February 2013

Main

This project is led by Jun Zhu and Bill Chu. Other major contributors include Jing Xie, Heather Richter Lipford, John Melton & Will Stranathan.

We have presented our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities at AppSec USA 2012. You can view and download our presentation here.
We have presented our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation here.


Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP ASIDE Project (home page)
Purpose: ASIDE is an abbreviation for Application Security Integrated Development Environment. It is an Eclipse Plugin which is a software tool primarily designed to help students write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs. ASIDE may be useful by professional developers as well.
License: N/A
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Jun Zhu @ to contribute to this project
  • Contact Jun Zhu @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

Take a Look

ASIDE currently has two prototype implementations: ASIDE CodeRefactoring and ASIDE CodeAnnotate.

CodeRefactoring is an Eclipse plugin that aims to detect the root cause of vulnerabilities that arise when untrusted input enters the application and is consumed without validation.

CodeAnnotate is another Eclipse plugin that deals with a different class of vulnerabilities, those specific to application logic. In particular, it addresses CSRF and broken access control issues while developers are writing their code.

An older version of the ASIDE DEMO shows the earlier design and implementation of CodeRefactoring, if you are interested. You will need Adobe Flash to display it.

Download

The most recent public release [New version is coming out, will update soon] can be downloaded now. You also need to download the complementary logging facility for ASIDE to work properly. ASIDE is built upon Eclipse IDE for Java EE Developers Version 3.5+.

To make it work, place the two jar files in the plugins folder of your Eclipse installation directory and then restart Eclipse.

Source Code

A recent version of the code is located at [new version is coming out, will be uploaded soon]. An older version can be found at https://github.com/Jing-Xie/owasp-aside.

Research Activities

1. Jun Zhu, Heather Richter Lipford, and Bill Chu, Interactive Support for Secure Programming Education, To appear in Proceedings of the ACM Technical Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA

2. Jing Xie, Heather Richter Lipford, and Bill Chu, Evaluating Interactive Support for Secure Programming, In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA

3. Jing Xie, Bill Chu, Heather Richter Lipford, and John T. Melton, ASIDE: IDE Support for Web Application Security, In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA

4. Jing Xie, Heather Richter Lipford, and Bill Chu, Why do programmers make security errors?, In Proceedings of the IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA

5. Jing Xie, Bill Chu, and Heather Richter Lipford, Interactive Support for Secure Software Development, In Proceedings of the Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain