OWASP Autumn of Code 2006 - Applications
AoC 1 - Paolo :
Hi Dinis, the Owasp autumn of Code idea is great and it would be greate for me to partecipate. This is my submission informations:
1) Contact details ...........
2) Which project you want to be involved in I'd like to be involved in Code Review project
3) Why you should be sponsored for the project I've got a very strong background in software development. I reached a good C programming level (working at kernel level in Linux operating system) and a good Java programming level in web application development field. My working field is however security as pen tester and code reviewer and I want to merge these two main field of interest: security and code.
I think I can improve Code Review project merging my theorical experience (writing doc about code review, secure coding and providing code snippets in various languages as a sort of Sample Library or knowledge base) with my pratical attidute. Looking ad Owasp LAPSE project, it would be a great idea to create a sort of common API building a sort of "code review tool engine".
This engine would be generic and devoted ONLY to code review related aspects. Using such engine as basis we could build a pletora of tools providing code review capability for common os IDE (extending LAPSE for eclipse, netbeans, ...) and for ad hoc command line tool.
4) What are the objectives and deliverables My objectives are:
- focusing people attention about how much code review and safe coding important are
- providing people practical instruments to test their applications or to build their testing tool too
My deliverables are:
- improving Code Review project documentation for my first objective
- realize the engine core complete with a set of well known wrong code practice, providing a way to extend such engine and to provide a PoF testing tool using the aformentioned APIs
AoC 2 - Federico
I would like to apply for OWASP’s AOC as an individual, with no relation to or sponsorship from PaySett.com (my current employer)
I would like to work on either the HoneyComb project (Especially the Java sections) or translate the current version of the 3.0 guide to Spanish.
I am a Mathematician and Computer Scientist who has been working for the last few months writing up the Security Assurance procedures that will be followed in all releases of our products.
Although security is not my main area of expertise, WebApplication development is my main area (especially Java) and therefore I feel that being part of OWASP’s target audience will help me write things in a clear and concise manner that will be easy for developers, architects and executives to understand.
I do not feel that one person can complete the honeycomb project in three months. However, for the given 3-month timeframe (considering my other responsibilities), I would acquire the following commitments:
- Finish all Java-related articles in the Vulnerabilities section – and others I feel I have the expertise … not sure how many more
- Organize and sort the articles in the Vulnerabilities and Attacks section
- Create as many stubs, with basic info, as possible for Vulnerabilities and Attacks section
- Finish all articles in the “principles” section
- Finish all articles in the “threats” section
- Translate all the above to Spanish
if instead OWASP would be more interested in the guide project, I would Translate the 3.0 guide to Spanish
Thank you for your time and consideration.
Please do not hesitate to contact me with any questions or comments.