Difference between revisions of "OWASP ASIDE Project"

From OWASP
Jump to: navigation, search
Line 23: Line 23:
 
==== Download ====
 
==== Download ====
  
The recent publicly available plugin can be downloaded from here [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside_1.0.0.201302251700.jar]. You also need to download the complementary [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside.logging_1.0.0.201302251700.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.
+
The recent publicly available plugin can be downloaded from [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside_1.0.0.201302251700.jar here]. You also need to download the complementary [http://webpages.uncc.edu/~jzhu16/edu.uncc.sis.aside.logging_1.0.0.201302251700.jar logging] facility to make ASIDE work properly. ASIDE is built upon [http://www.eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/indigosr1 Eclipse IDE for Java EE Developers] Version 3.5+.
  
 
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.
 
To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.

Revision as of 17:25, 25 February 2013

Main

This project is led by [Jun Zhu] and Bill Chu. Other major contributors include [Jing Xie], Heather Richter Lipford, John Melton & Will Stranathan.

We have presented our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities at AppSec USA 2012. You can view and download our presentation here.
We have presented our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation here.


Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP ASIDE Project (home page)
Purpose: ASIDE is an abbreviation for Application Security Integrated Development Environment. It is an Eclipse Plugin which is a software tool primarily designed to help students write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs. ASIDE may be useful by professional developers as well.
License: N/A
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: Not Yet Created
Key Contacts
  • Contact Jun Zhu @ to contribute to this project
  • Contact Jun Zhu @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

Take a Look

ASIDE currently has two prototype implementations: ASIDE CodeRefactoring and ASIDE CodeAnnotate.

CodeRefactoring is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation.

CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code.

An older version of ASIDE DEMO shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.

Download

The recent publicly available plugin can be downloaded from here. You also need to download the complementary logging facility to make ASIDE work properly. ASIDE is built upon Eclipse IDE for Java EE Developers Version 3.5+.

To make it work, please place the two jar files under the plugins folder of your Eclipse installation directory and then restart your Eclipse.

Source Code

A recent version of the code is located at https://github.com/JunZhuSecurity/ASIDE-Education. An older version could be found at https://github.com/Jing-Xie/owasp-aside.

Research Activities

1. Jun Zhu, Heather Richter Lipford, and Bill Chu, Interactive Support for Secure Programming Education, To appear In Proceedings of ACM Technical Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA

2. Jing Xie, Heather Richter Lipford, and Bill Chu, Evaluating Interactive Support for Secure Programming, In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA

3. Jing Xie, Bill Chu, Heather Richter Lipford, and John T. Melton, ASIDE:IDE Support for Web Application Security, In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA

4. Jing Xie, Heather Richter Lipford, and Bill Chu, Why do programmers make security errors?, In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA

5. Jing Xie, Bill Chu, and Heather Richter Lipford Interactive Support for Secure Software Development, In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain