Difference between revisions of "OWASP Enterprise Application Security Project"

From OWASP
Jump to: navigation, search
m
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
==== Main ====
+
=== Main ===
  
== Objective ==
+
== Objective ==
  
The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications.
+
The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation, or sign-off of large scale (i.e. 'Enterprise') applications.  
  
== Project purpose ==
+
== The purpose of the project  ==
  
Enterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guidelines and tools for enterprise application security assessment.  
+
Enterprise applications security is one of the major topics in overall security area because those applications control money and resources, and any security violation can result in significant money loss. The purpose of this project is to aware people about enterprise application security problems and create guidelines and tools for enterprise application security assessment.  
  
== Our Subprojects==
+
== Our Subprojects ==
  
Here are our primary goals:
+
Here are our primary goals:  
  
1 Aware people about enterprise applicatio security vulnerabilities by making an Annual statistics of enterprise business application security vulnerabilities.  
+
1 Aware people about enterprise application security vulnerabilities by releasing annual statistics of enterprise business application security vulnerabilities.  
  
Subproject [[Enterprise Business Application Vulnerability Statistics 2009]]
+
[[Enterprise Business Application Vulnerability Statistics]]  
  
{{:Projects/OWASP Enterprise Application Security Project | Statistics}}
+
2 Help companies to begin the assessment of enterprise applications
[[Category:OWASP_Project|Enterprise Application Security Project | Statistics]]
+
  
2 Help companies to begin assessment of  enterprise applicatios by creating a
+
[[Enterprise Business Application Security Implementation Assessment]]
  
Subproject [[Enterprise Business Application Security Implementation Assessment Guide]]
+
3 Help companies to securely develop and customize business applications
+
3 Help software companies to improve security of their solutions by creating a
+
  
Subproject [[Enterprise Business Application Security Vulnerability Testing Guide v1]]
+
[[Enterprise Business Application Security Development Issues]]  
+
4 Develop a free tools for Enterprise business applicatioons assessment
+
  
Subproject [[Enterprise Business Application Security Software]]
+
4 Develop free tools for enterprise business applications assessment
  
 +
[[Enterprise Business Application Security Software]]
  
== Project Roadmap ==
+
== Project Roadmap ==
  
Have a look at the [[OWASP Enterprise Application Security Project/Roadmp]]
+
Have a look at the [[OWASP Enterprise Application Security Project/Roadmp]]  
  
==== Statistics ====
+
==== Project About  ====
  
== Objective ==
+
{{:Projects/OWASP Enterprise Application Security Project | Project About}}
  
This document is the first statistics report which will be repeated annually with  showing  tendencies and changes in Enterprise Business Application Security area. 
+
<br>
  
== Purpose ==
+
__NOTOC__ <headertabs />
  
This document we will show a result of statistical research in the Business Application security area made by DSECRG and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical are those and what tendences we see.
+
[[Category:OWASP_Project|Enterprise Application Security Project]] [[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]
 
+
== Intro ==
+
 
+
Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nonetheless people still don’t pay much attention to Enterprise Business Application area as we see during our and our collegues research and audit data. Business applications are very large and complex systems that consists of different components such as Database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as:
+
• Network architecture security
+
• Os security
+
• Database security
+
• Application security
+
• Front-end security
+
 
+
Every described layer may have their own vulnerabilities that can give attacker full access to business data even if other layers are fully secured.
+
In this document all the popular applications from described levels and their vulnerabilities vill be shown. The purpose of this document to Increase awareness of Business Application security.
+
 
+
== Links ==
+
 
+
 
+
[http://dsecrg.com Business applications vulnerability statistics 2009 and future trends] - Presentation by Dmitry Evdokimov and Dmityy Chastuhin
+
 
+
[http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a SAP SDN page with latest vulnerabilities]
+
 
+
[http://www.oracle.com/security/critical-patch-update.html Oracle Secalert CPU page with latest vulnerabilities]
+
 
+
Annual report comming soon...
+
 
+
== Authors==
+
 
+
 
+
Alexander Polyakov (DSecRG)
+
Dmitriy Chastuhin (DSecRG)
+
Dmitriy Evdokimov (DSecRG)
+
 
+
 
+
== Contributors==
+
 
+
Leodid Kats  (dsec.ru)
+
Olga Yurova  (dsec.ru)
+
 
+
==== Development guides ====
+
 
+
 
+
==== Implementation guides ====
+
 
+
 
+
 
+
==== Project About ====
+
{{:Projects/OWASP Enterprise Application Security Project | Project About}}
+
 
+
 
+
 
+
__NOTOC__
+
<headertabs/>
+
 
+
[[Category:OWASP_Project|Enterprise Application Security Project]]  
+
[[Category:OWASP Document]]
+
[[Category:OWASP Alpha Quality Document]]
+

Revision as of 10:48, 16 September 2013

Main

Objective

The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation, or sign-off of large scale (i.e. 'Enterprise') applications.

The purpose of the project

Enterprise applications security is one of the major topics in overall security area because those applications control money and resources, and any security violation can result in significant money loss. The purpose of this project is to aware people about enterprise application security problems and create guidelines and tools for enterprise application security assessment.

Our Subprojects

Here are our primary goals:

1 Aware people about enterprise application security vulnerabilities by releasing annual statistics of enterprise business application security vulnerabilities.

Enterprise Business Application Vulnerability Statistics

2 Help companies to begin the assessment of enterprise applications

Enterprise Business Application Security Implementation Assessment

3 Help companies to securely develop and customize business applications

Enterprise Business Application Security Development Issues

4 Develop free tools for enterprise business applications assessment

Enterprise Business Application Security Software

Project Roadmap

Have a look at the OWASP Enterprise Application Security Project/Roadmp

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Enterprise Application Security Project (home page)
Purpose: Enterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guideline for EA security assessment.
License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases