Difference between revisions of "Project Information:template Anti-Malware Project"

From OWASP
Jump to: navigation, search
Line 42: Line 42:
 
Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Documentation Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP Anti-Malware Project - Assessment Frame|Please see here for complete information.]]
 
Provisory '''[[:Category:OWASP Project Assessment#Alpha Quality Documentation Criteria|Apha Quality]]'''<br>(under review)<br>[[:OWASP Anti-Malware Project - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
[[:OWASP Anti-Malware Project - Guidelines|Anti-malware - Guidelines]]<br>[[:OWASP Anti-Malware - Knowledge Base|Anti-malware - Knowledge Base]]<br>[[:OWASP Anti-Malware Project - Awareness Program|Anti-malware Awareness Program]]
+
[[:OWASP Anti-Malware Project - Awareness Program|Anti-malware Awareness Program]]<br>[[:OWASP Anti-Malware - Knowledge Base|Anti-malware - Knowledge Base]]
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
 
if any, add link(s)
 
if any, add link(s)
 
  |}
 
  |}
 
----
 
----

Revision as of 10:42, 3 January 2012


PROJECT INFORMATION
Project Name OWASP Anti-Malware Project
Defending Web Infrastructures Against Malware
Short Project Description

“Malware is nowadays more than a single enemy: online crime has unified the forces for targeting any online banking customer. Banking Malware is ubiquitous because it’s constantly updated via country-specific configuration files and with modular plugins to fit any banking web application. In addition it can defeat the most sophisticated security protections actually implemented.”

This project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions. The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.

The project delivery will be divided into Two parts. The first part will be a document containing guidelines directed to Banking Web Infrastructures owners. This document will be kept intentionally as short as possible and will have the main goal to raise the awareness on Malware threats and to precisely name a series of checklists that should be taken into consideration to significantly improve website security against malware.

The second part will be a technical study dynamically updated in wiki-style format. The technical study will be the reference for the guidelines contained in the previous document. This study will try to analyze the most sophisticated Malware Techniques used in the 3 most spread Banking Malware families, as well as discuss the effectiveness of different security protections that are thought to be useful against Malware.

The Technical Study will be made up of two teams: MRE (Malware Reverse Engineering Team) and AMTS (Anti-Malware Technology Solutions Team). MRE team will be in charge of studying the malware samples and to inoculate the techniques used against banking Websites; AMTS team will harvest the internet for any Web Infrastructural solution that claims to be Malware Proof for identifying its strengths and weaknesses.

Key Project Information

Project Leader
Giorgio Fedon

Project Contibutors
Vicente Aguilera

Mailing List
Subscribe here
Use here

License
Creative Commons Attribution Share Alike 3.0

Project Type
Document

Sponsors
Minded Security

Release Status Main Links Related Projects

Provisory Apha Quality
(under review)
Please see here for complete information.

Anti-malware Awareness Program
Anti-malware - Knowledge Base

if any, add link(s)