Difference between revisions of "OWASP Security Tools for Developers Project"

From OWASP
 
(6 intermediate revisions by one user not shown)
Line 7: Line 7:
 
|- valign="top"
 
|- valign="top"
 
|  
 
|  
This project is focused on defining, designing, developing and configuring security tools for software developmemt teams and their end-to-end software development process. While any reference material or code produced will be focused an open source stack and Agile development techniques, the concepts should be able to be easily applied to other styles of software engineering.   
+
This project is focused on defining, designing, developing and configuring security tools for software development teams and their end-to-end software development process. While any reference material or code produced will be focused an open source stack and Agile development techniques, the concepts should be able to be easily applied to other styles of software engineering.   
  
Most people accept that tools can only effectively be applied to a fraction of software issues where the fraction is generally increasing but at a relatively conservative pace. Tools are however an important and widely adopted part of the process needed to produce fucntional, stable, reliable and scalable software where security is one such attribute. Most development teams invest heavily in tools to improve their process and maintain end-to-end development environments including managing requirements and user stories, IDE's, test management, source code management, version control, continuous intregration, deployment and monitoring.  
+
Most people accept that tools can only effectively be applied to a fraction of software issues where the fraction is generally increasing but at a relatively conservative pace. Tools are however an important and widely adopted part of the process needed to produce functional, stable, reliable and scalable software where security is one attribute. Most development teams invest heavily in tools to improve their process and maintain end-to-end development environments including managing requirements and user stories, IDE's, test management, source code management, version control, continuous intregration, deployment and monitoring.  
  
Many security tools today are written by and for security people who often (understandably) have a different lens and different needs from software developers and development teams.  
+
Most security tools today are written by and for security people who often (understandably) have a different lens and different needs from software developers and development teams.  
  
 
This project is operating under the belief that infusing security into the development teams work-flow through effective tools will have a significant impact on improving the security quality of the code they produce.<br>  
 
This project is operating under the belief that infusing security into the development teams work-flow through effective tools will have a significant impact on improving the security quality of the code they produce.<br>  
  
You can think of it as a project for developers by developers that just so happens to be about security.&nbsp;  
+
You can think of it as a project for developers by developers to improver software quality through better tooling that just so happens to be about security.&nbsp;  
  
 
|  
 
|  
[[Image:Asvs-ad-where-at.png]]  
+
[[Image:Owasp std.png]]  
  
 
|}
 
|}
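Review bot: the rewritten closing sentence of the introduction brings in a new typo, "to improver software quality", which should read "to improve software quality". The two paragraphs edited just above it still carry "focused an open source stack" (missing "on") and "continuous intregration" on their changed lines, so those are worth correcting in the same revision rather than leaving for a later pass.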
Line 31: Line 31:
 
== Wanna get involved?  ==
 
== Wanna get involved?  ==
  
[[Image:Asvs-bulb.jpg]]'''....join the discussion'''  
+
[[Image:Asvs-bulb.jpg]]'''....join the discussion [https://lists.owasp.org/mailman/listinfo/owasp-std mailing list]'''  
  
While the project is open to all we are particularly loking for developers who will actively contributing code. We are especially interested in any developers that have experience of customizing Jenkins, extending Git, unit testing frameworks or customizing mangement tools like ScrumDo. We are also interested in any developers interested in extending behaviour driven development testing frameworks like Cucumber.&nbsp;  
+
While the project is open to all we are particularly looking for developers who will actively contribute code. We are especially interested in any developers that have experience in customizing Jenkins, extending Git, unit testing frameworks or customizing mangement tools like ScrumDo. We are also interested in any developers interested in extending behaviour driven development testing frameworks like JBehave.&nbsp;  
  
 
Join the mailing list, hang out and say hi or contact the project leader&nbsp;[mailto:mark@curphey.com?subject=OWASP%20STD%20Project Mark Curphey].  
 
Join the mailing list, hang out and say hi or contact the project leader&nbsp;[mailto:mark@curphey.com?subject=OWASP%20STD%20Project Mark Curphey].  
  
*[https://lists.owasp.org/mailman/listinfo/owasp-std mailing list (this is the main list)]
+
*[https://lists.owasp.org/mailman/listinfo/owasp-std mailing list]
 
+
|
+
  
 +
|
 
== What exactly are you producing?  ==
 
== What exactly are you producing?  ==
  
 
[[Image:Asvs-bulb.jpg]]'''....the 50,000 ft plan'''  
 
[[Image:Asvs-bulb.jpg]]'''....the 50,000 ft plan'''  
  
The project is still in it's infancy but the plan is to produce the following:  
+
The project is still in its infancy but the plan is to produce the following:  
  
 
*Reference Architecture  
 
*Reference Architecture  
 
*Reference Implementation
 
*Reference Implementation
  
As part of those two key areas we expect to build or customize tools and develop configuration guides for particular technologies. While we don't yet know exactly what that will inlcude it may inlcude IDE plugins or extensions to common testing frameworks to make integrating security tests easier. &nbsp;<br>  
+
As part of those two key areas we expect to build or customize tools and develop configuration guides for particular technologies. While we don't yet know exactly what that will include it may include IDE plugins or extensions to common testing frameworks to make integrating security tests easier. &nbsp;<br>  
  
 
|  
 
|  
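Review bot: the rewritten contributor paragraph still says "customizing mangement tools like ScrumDo"; "mangement" should be "management". The same mailing list URL now appears both in the "....join the discussion" heading and in the bullet below the contact sentence, so one of the two links can go.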
Line 58: Line 57:
  
 
We are planning to run the project like an Agile software project itself by building a backlog and running sprints. We may even try and use Google Hangouts for video stand-up meetings!  
 
We are planning to run the project like an Agile software project itself by building a backlog and running sprints. We may even try and use Google Hangouts for video stand-up meetings!  
 +
 +
Our current timeline looks like:
  
 
*August - Project Planning  
 
*August - Project Planning  
Line 64: Line 65:
 
*November - Sprint 3  
 
*November - Sprint 3  
 
*December - Sprint 4
 
*December - Sprint 4
 +
 +
In due course (when we have a backlog) we will publish a roadmap.&nbsp;
  
 
|}
 
|}
  
<br> __NOTOC__ <headertabs />
+
==== Project About  ====
 +
 
 +
{{:Projects/OWASP Security Tools for Developers Project | Project About}}
 +
 
 +
 
 +
__NOTOC__ <headertabs />  
 +
 
 +
[[Category:OWASP_Project|Security Tools for Developers Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool]]

Latest revision as of 08:41, 1 August 2011


This project is focused on defining, designing, developing and configuring security tools for software development teams and their end-to-end software development process. While any reference material or code produced will be focused on an open source stack and Agile development techniques, the concepts should be easy to apply to other styles of software engineering.

Most people accept that tools can only effectively be applied to a fraction of software issues, where the fraction is generally increasing but at a relatively conservative pace. Tools are, however, an important and widely adopted part of the process needed to produce functional, stable, reliable and scalable software, where security is one attribute. Most development teams invest heavily in tools to improve their process and maintain end-to-end development environments, including managing requirements and user stories, IDEs, test management, source code management, version control, continuous integration, deployment and monitoring.

Most security tools today are written by and for security people who often (understandably) have a different lens and different needs from software developers and development teams.

This project is operating under the belief that infusing security into the development team's workflow through effective tools will have a significant impact on improving the security quality of the code they produce.

You can think of it as a project for developers by developers to improve software quality through better tooling that just so happens to be about security.


Wanna get involved?

....join the discussion mailing list

While the project is open to all, we are particularly looking for developers who will actively contribute code. We are especially interested in any developers that have experience in customizing Jenkins, extending Git, unit testing frameworks or customizing management tools like ScrumDo. We are also interested in any developers interested in extending behaviour driven development testing frameworks like JBehave.

Join the mailing list, hang out and say hi or contact the project leader Mark Curphey.

What exactly are you producing?

....the 50,000 ft plan

The project is still in its infancy but the plan is to produce the following:

  • Reference Architecture
  • Reference Implementation

As part of those two key areas we expect to build or customize tools and develop configuration guides for particular technologies. While we don't yet know exactly what that will include, it may include IDE plugins or extensions to common testing frameworks to make integrating security tests easier.

How are you doing this?

....by being Agile of course!

We are planning to run the project like an Agile software project itself by building a backlog and running sprints. We may even try and use Google Hangouts for video stand-up meetings!

Our current timeline looks like:

  • August - Project Planning
  • September - Sprint 1
  • October - Sprint 2
  • November - Sprint 3
  • December - Sprint 4

In due course (when we have a backlog) we will publish a roadmap. 

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Security Tools for Developers Project (STD) (home page)
Purpose: Develop a reference implementation of open source tools integrated in an end to end development process. This will likely include a reference architecture, guidance and a reference implementation using open source tools. We will likely extend current open source tools or develop new tools where gaps exist.
License: OSI approved license for any reference implementations, documentation or software developed.
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases