Difference between revisions of "OWASP Python Security Project"

From OWASP
Jump to: navigation, search
(Created page with "=Main= Project Leader’s content goes here =Project About= {{:Projects/OWASP_Python_Security_Project}} Category:OWASP Project")
 
m (added global owasp python project as related information)
 
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
=Main=
 
=Main=
Project Leader’s content goes here
+
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
=Project About=
+
== OWASP Python Security Project ==
{{:Projects/OWASP_Python_Security_Project}}
+
  
[[Category:OWASP Project]]
+
Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.
 +
 
 +
The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:
 +
 
 +
 
 +
 
 +
== Introduction ==
 +
 
 +
Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.
 +
 
 +
The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:
 +
 
 +
Security in python: white-box analysis, structural and functional analysis
 +
Security of python: black-box analysis, identify and address security-related issues
 +
Security with python: develop security hardened python suitable for high-risk and high-security environments
 +
 
 +
 
 +
==Licensing==
 +
 
 +
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
 +
This license is a community friendly license as recommended by OWASP.
 +
You can read more here:
 +
*[https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]
 +
 
 +
== What is the Python Security Project? ==
 +
 
 +
 
 +
== Other Python Security Related Research ==
 +
This is a list of security related research on python core modules by other researchers.
 +
 
 +
*[https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_WP.pdf Sour Pickles Paper Blackhat 2011 Marco Slaviero]
 +
*[https://media.blackhat.com/bh-us-11/Slaviero/BH_US_11_Slaviero_Sour_Pickles_Slides.pdf Sour Pickles Slides Blackhat 2011]
 +
 
 +
 
 +
 
 +
== Project Founder ==
 +
 
 +
* [https://www.owasp.org/index.php/User:Enrico_Branca Enrico Branca] [mailto:enrico.branca@owasp.org @]
 +
 
 +
== Project Leaders ==
 +
 
 +
* [https://www.owasp.org/index.php/User:Enrico_Branca Enrico Branca] [mailto:enrico.branca@owasp.org @]
 +
 
 +
 
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* OWASP Python Security Flyer
 +
** [https://www.owasp.org/images/2/2b/OWASP_PYSEC_FLYER.pdf PDF]
 +
 
 +
== Code Repository ==
 +
* OWASP Python Security Github https://github.com/ebranca/owasp-pysec/ (Current)
 +
 
 +
== Related ==
 +
* [[OWASP Python Project|OWASP Python Project]]
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" rowspan="2" width="50%" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 +
  |-
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]] 
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
 +
 
 +
|}
 +
 
 +
= Road Map and Getting Involved =
 +
 
 +
Please join the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:
 +
* [https://lists.owasp.org/mailman/listinfo/owasp_python_security_project General project]
 +
 
 +
 
 +
== Current activities ==
 +
 
 +
=== Technical Roadmap ===
 +
 
 +
* [https://github.com/ebranca/owasp-pysec/blob/master/doc/ROADMAP.txt Technical Roadmap or TODO on github]
 +
 
 +
=== General Roadmap ===
 +
 
 +
- Set up website with wiki
 +
 
 +
- Configure mailing list
 +
 
 +
- Configure github account and create code structure
 +
 
 +
- Create Project presentation and pamphlet
 +
 
 +
- Publish initial batch of documents on python security issues and possible mitigations with code examples
 +
 
 +
- Create python secure coding area
 +
 
 +
- Introduce project to OWASP Chapters
 +
 
 +
- Publish initial version of python secure coding manual
 +
 
 +
- Publish hardened version of python coded for security purposes
 +
 
 +
- Document usage of code security policies and call whitelisting
 +
 
 +
- Document usage of message deduplication and data storage in hash rings
 +
 
 +
- Document usage of ESAPI-extended security checks, including but not limited to controls applied to python internal calls, strings, processes, permissions, and low level kernel calls
 +
 
 +
- Create initial documentation of base libraries and modules
 +
 
 +
- Release library to customizec and integrate OpenSSL and cURL
 +
 
 +
- Release utility for SSL analysis of HTTPS communication over SSL
 +
 
 +
- Release utility for SSL analysis of FTPS/FTPES communication over SSL
 +
 
 +
- Release utility for analysis of POPS/IMAPS/SMTPS connections over SSL
 +
 
 +
- Release of utility for archival of SSL certificates and CRLs
 +
 
 +
- Release utility for PE extraction and hash generation from web files
 +
 
 +
= Project Approach =
 +
{{:Projects/OWASP_Python_Security_Project | Project Approach}}
 +
 
 +
 
 +
}}
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP_Project|AppSensor Project]] [[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:SAMM-EH-3]] [[Category:SAMM-SA-2]]

Latest revision as of 03:24, 7 December 2015

[edit]

Lab big.jpg

OWASP Python Security Project

Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:


Introduction

Python Security is a free, open source, OWASP project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles:

Security in python: white-box analysis, structural and functional analysis Security of python: black-box analysis, identify and address security-related issues Security with python: develop security hardened python suitable for high-risk and high-security environments


Licensing

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project) This license is a community friendly license as recommended by OWASP. You can read more here:

What is the Python Security Project?

Other Python Security Related Research

This is a list of security related research on python core modules by other researchers.


Project Founder

Project Leaders



Quick Download

  • OWASP Python Security Flyer

Code Repository

Related

Classifications

Mature projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Project Type Files DOC.jpg
Project Type Files CODE.jpg

Please join the project's mailing lists to keep up-to-date with what's going on, and to contribute your ideas, feedback, and experience:


Current activities

Technical Roadmap

General Roadmap

- Set up website with wiki

- Configure mailing list

- Configure github account and create code structure

- Create Project presentation and pamphlet

- Publish initial batch of documents on python security issues and possible mitigations with code examples

- Create python secure coding area

- Introduce project to OWASP Chapters

- Publish initial version of python secure coding manual

- Publish hardened version of python coded for security purposes

- Document usage of code security policies and call whitelisting

- Document usage of message deduplication and data storage in hash rings

- Document usage of ESAPI-extended security checks, including but not limited to controls applied to python internal calls, strings, processes, permissions, and low level kernel calls

- Create initial documentation of base libraries and modules

- Release library to customizec and integrate OpenSSL and cURL

- Release utility for SSL analysis of HTTPS communication over SSL

- Release utility for SSL analysis of FTPS/FTPES communication over SSL

- Release utility for analysis of POPS/IMAPS/SMTPS connections over SSL

- Release of utility for archival of SSL certificates and CRLs

- Release utility for PE extraction and hash generation from web files

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Python Security Project (home page)
Purpose: Python Security is a free, open source, project that aims at creating a hardened version of python that makes it easier for security professionals and developers to write applications more resilient to attacks and manipulations.

The project is designed to explore how web applications can be developed in python by approaching the problem from three different angles: - Security in python: white-box analysis, structural and functional analysis - Security of python: black-box analysis, identify and address security-related issues - Security with python: develop security hardened python suitable for high-risk and high-security environments

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Enrico Branca @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Enrico Branca @ to contribute to this project
  • Contact Enrico Branca @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases


}}