Difference between revisions of "OWASP Autumn of Code 2006 - Applications"

Jump to: navigation, search
(AoC 7 -)
(AoC 8 -)
Line 249: Line 249:
Thank you,
Thank you,
== AoC 8 - ==
== AoC 8 - Josh==
Testing Guide
Reasons to be sponsored:
It happens to be "be nice to Josh day" today, besides I think I can
express the ideas that we want to convey in a clear and readable manner.
To deliver a readable and accurate guide on performing an application
security review.
I look forward to hearing from you,
== AoC 9 - ==
== AoC 9 - ==

Revision as of 17:36, 21 September 2006

AoC 1 - Paolo :

Hi Dinis, the Owasp autumn of Code idea is great and it would be greate for me to partecipate. This is my submission informations:

1) Contact details ...........

2) Which project you want to be involved in I'd like to be involved in Code Review project

3) Why you should be sponsored for the project I've got a very strong background in software development. I reached a good C programming level (working at kernel level in Linux operating system) and a good Java programming level in web application development field. My working field is however security as pen tester and code reviewer and I want to merge these two main field of interest: security and code.

I think I can improve Code Review project merging my theorical experience (writing doc about code review, secure coding and providing code snippets in various languages as a sort of Sample Library or knowledge base) with my pratical attidute. Looking ad Owasp LAPSE project, it would be a great idea to create a sort of common API building a sort of "code review tool engine".

This engine would be generic and devoted ONLY to code review related aspects. Using such engine as basis we could build a pletora of tools providing code review capability for common os IDE (extending LAPSE for eclipse, netbeans, ...) and for ad hoc command line tool.

4) What are the objectives and deliverables My objectives are:

  • focusing people attention about how much code review and safe coding important are
  • providing people practical instruments to test their applications or to build their testing tool too

My deliverables are:

  • improving Code Review project documentation for my first objective
  • realize the engine core complete with a set of well known wrong code practice, providing a way to extend such engine and to provide a PoF testing tool using the aformentioned APIs

AoC 2 - Federico


I would like to apply for OWASP’s AOC as an individual, with no relation to or sponsorship from PaySett.com (my current employer)

I would like to work on either the HoneyComb project (Especially the Java sections) or translate the current version of the 3.0 guide to Spanish.

I am a Mathematician and Computer Scientist who has been working for the last few months writing up the Security Assurance procedures that will be followed in all releases of our products.

Although security is not my main area of expertise, WebApplication development is my main area (especially Java) and therefore I feel that being part of OWASP’s target audience will help me write things in a clear and concise manner that will be easy for developers, architects and executives to understand.

I do not feel that one person can complete the honeycomb project in three months. However, for the given 3-month timeframe (considering my other responsibilities), I would acquire the following commitments:

  • Finish all Java-related articles in the Vulnerabilities section – and others I feel I have the expertise … not sure how many more
  • Organize and sort the articles in the Vulnerabilities and Attacks section
  • Create as many stubs, with basic info, as possible for Vulnerabilities and Attacks section
  • Finish all articles in the “principles” section
  • Finish all articles in the “threats” section
  • Translate all the above to Spanish

if instead OWASP would be more interested in the guide project, I would Translate the 3.0 guide to Spanish

Thank you for your time and consideration.

Please do not hesitate to contact me with any questions or comments.

Best regards,

AoC 3 - Tom

Hi Dinis,

I'm interesting in sorting out the owasp.org website and fixing things up... aka, "WebMaster the Owasp.org website for 3 months and implement all missing functionality". I'm just finishing up my MSc in Information Security at Royal Holloway, University of London. My thesis is on secure coding (investigations into security development lifecycles, how they interact with security assessments and all that lark) however it's not web related so I doubt it'll be useful.



Get back to me.



AoC 4 - Joshua

G'day Dinis,

I have been working with Eoin on the liveCD project and we are hoping to have a Beta version ready for Seattle. I would like to be considered for the "OWASP Autumn of Code" sponsorship.

I have been working very hard in my spare time to get the LiveCD up and running. Basically, I spent some time going through all the distros and testing different build methods. After all the testing Morphix was the easiest and most stable to work with.

So far we have a working version with the following tools installed; WebScarab Nmap Nessus Paros OWASP Guide 2.0 CAL9000 TCPDUmp Ethereal Nikto NetCat

Working on : WebGoat Branding ( Boot Menus, Wallpaper ) KDE Menu Slimming down the build Packaging on CD/DVD Prof. Custom Graphics / Icons RFID Tools VOIP Tools

This project was created because other LiveCD's don't focus on App testing and training. It's mostly infrastructure. That's where "labRat" the Live Distro fills the gap. This is also excellent to have all the OWASP resources during an onsite job or training in the lab. That's where the name came from-- spending those long hours in our security labs.

I'd like to hear your thoughts on the LiveCD project and if you feel it's worthy of sponsorship. I know that several chapter leads I know are anxious to get it up and going.



AoC 5 - Jonathan

My name is Jonathan [...] and I am the Development Security Officer for [...] inc. In my current role I am responsible for the integration of security processes within our companies development lifecycle as well as managing our security engineering team. I have worked in the industry for six years, in which time I was promoted from developer, to architect, and into my current role as DSO.

I have much respect for OWASP and would find this sponsorship program to be an excellent way of getting involved with your organization (of course, the sponsorship money is nice too :). In reviewing the projects listed I have found the 'OWASP Testing Guide' to be the most interesting, but I admit that I have little or no experience with any of the projects. If there any projects you would like to refer me to as an experienced Java developer and understanding my current role, I would be very interested.

Thank you for your time.

AoC 6 - Hardik

Hello Dinis,

I would like to take one of the following projects. But currently i am not aware of exactly what are the remaining things in these projects and what you want to implement. If you can let me know the requirments for following projects then i can take one or multiple projects. I am also having some friends who might be intrested in working on these so we all can work on it. Following is the list of projects we are intrested in:- OWASP WebGoat Project OWASP Validation Project OWASP WebGoat Project - OWASP WebScarab Project If possible please provide me more details or contact of suitable person about the current status and what are the requirments,features needed.

Thanks & Regards,


AoC 7 - Aaron


I would like to submit a project proposal for the OWASP Autumn of Code 2006.

Project Request:

First Choice: WebMaster the Owasp.org website for 3 months and implement all missing functionality

Second Choice: OWASP PHP Project

Third Choice: OWASP AJAX Security Project


I have worked as a professional web developer for 6+ years and have participated in several open source projects including tiki-wiki and other content management system projects. I am employed by the Ontario Libraries as a consultant on web development technologies and web server deployment strategies. During my career, I have had the luxury of learning and furthering my skills through the open-source community of developers who have offered one-on-one advice, project source code, and valuable insight. Without this guidance it would not have been possible for me to progress as quickly as I have, nor would my journey have been as enjoyable of an experience.

My primary interest includes PHP / MySQL development, server administration (FreeBSD / Linux), and graphics design / usability study. As a web developer I have had the opportunity to learn and use numerous technologies and programming languages running under a variety of environments. This has forced me to learn to adapt quickly under various circumstances and environments, and has taught me how to work both alone as well as within a team. I would like to use this unique experience to aid others within the community in any way possible, including the continued development of services within the owasp.org website.

Deliverables (Web Master):

1. Website template and branding 2. Prepare marketing materials (digital format) 3. Content updating and proofing (English) 4. Prepare website documentation for future developers 5. Work in conjunction with other teams (AJAX, JS, PHP) to audit and develop site 6. Develop features and functionality as identified by OWASP and community

Please feel free to contact me at your leisure to discuss my proposal. I will provide a detailed portfolio of my work if this is of interest and/or I can prepare a deliverables list for the other two projects if necessary.

Thank you,

AoC 8 - Josh

Project: Testing Guide

Reasons to be sponsored: It happens to be "be nice to Josh day" today, besides I think I can express the ideas that we want to convey in a clear and readable manner.

Objectives: To deliver a readable and accurate guide on performing an application security review.

I look forward to hearing from you,

AoC 9 -

AoC 10 -

AoC 11 -

AoC 12 -

AoC 13 -

AoC 14 -

AoC 15 -