Difference between revisions of "Project Information:template JSP Testing Tool Project"

From OWASP
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
+
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
  | colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP JSP Testing Tool Project'''  
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP JSP Testing Tool Project'''  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|The goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. This information can serve two purposes: 1. It provides a means for projects to create a coding standard. By identifying which components are safe or unsafe, a project can establish a preference order of useable components. For those components identified as unsafe, extra security requirements can be imposed on any pages using those components. 2. It provides tag library providers development guidance. Providers can target security enhancements to the components that are most susceptible to cross-site scripting attacks. They can also use these results to demonstrate their performance relative to other competing tag libraries. It also provides feedback for developers that create small custom tag libraries for internal development usage. Ideally, the input to the tool will be the Tag Library Descriptor file along with a compiled version of the tag library. The resulting output will be a report of all tags in the library and their associated attributes with annotations for each attribute indicating whether or not it safely handles tainted input. Additionally, the framework for this tool should be robust enough to enable the functionality indicated by the future work section. 
+
  | colspan="7" style="width:85%; background:#cccccc" align="left"|The goal of this project is to create an easy to use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. This information can serve two purposes: <ol><li>It provides a means for projects to create a coding standard. By identifying which components are safe or unsafe, a project can establish a preference order of useable components. For those components identified as unsafe, extra security requirements can be imposed on any pages using those components</li><li>It provides tag library providers development guidance. Providers can target security enhancements to the components that are most susceptible to cross-site scripting attacks. They can also use these results to demonstrate their performance relative to other competing tag libraries. It also provides feedback for developers that create small custom tag libraries for internal development usage.
 
  |-
 
  |-
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
  | style="width:15%; background:#7B8ABD" align="center"|'''Short Project Description'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:jason.li(at)aspectsecurity.com '''Jason Li''']
+
  | style="width:14%; background:#cccccc" align="center"|[[User:Jason Li|'''Jason Li''']]
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>'''N/A'''
  | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-jsp-testing-tool-project '''Mailing List/Subscribe''']<br>[mailto:owasp-jsp-testing-tool-project(at)lists.owasp.org '''Mailing List/Use''']
+
  | style="width:14%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-jsp-testing-tool-project '''Subscribe here''']<br>[mailto:owasp-jsp-testing-tool-project(at)lists.owasp.org '''Use here''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:markkerzner(at)gmail.com '''Mark Kerzner''']
+
  | style="width:14%; background:#cccccc" align="center"|License<br>[http://www.opensource.org/licenses/bsd-license.php ''' New BSD License''']
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:fabricio.fujikawa(at)infoglobo.com.br '''Fabrício Fujikawa''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Type<br>[https://www.owasp.org/index.php/Category:OWASP_Project#tab=Alpha_Status_Projects '''Tool''']
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|Sponsors<br>[[OWASP Summer of Code 2008|'''OWASP SoC 08''']]  
 
  |}
 
  |}
{| style="width:100%" border="0" align="center"
+
{| style="width:100%" border="0" align="center"  
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''  
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Release Status'''  
|-
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Main Links'''
| style="width:100%; background:#cccccc" align="center"| [http://code.google.com/p/owasp-jsp-testing-tool/ Google Code Home]
+
  ! align="center" style="background:#7B8ABD; color:white"|<font color="black">'''Related Projects'''  
|}
+
{| style="width:100%" border="0" align="center"
+
  ! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''  
+
|-
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#P028 - OWASP UI Component Verification Project (a.k.a. OWASP JSP Testing Tool)|'''Sponsored Project/Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
  ! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template JSP Testing Tool Project - 50 Review - Self Evaluation - A|See 50% Review/Self-Evaluation (A)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template JSP Testing Tool Project - 50 Review - First Reviewer - C|See 50% Review/1st Reviewer (C)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template JSP Testing Tool Project 50 Review Second Review E|See 50%Review/2nd Reviewer (E)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template JSP Testing Tool Project - Final Review - Self Evaluation - B|See Final Review/SelfEvaluation (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template JSP Testing Tool Project - Final Review - First Reviewer - D|See Final Review/1st Reviewer (D)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template JSP Testing Tool Project - Final Review - Second Reviewer - F|See Final Review/2nd Reviewer (F)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
 
  |-
 
  |-
 +
| style="width:29%; background:#cccccc" align="center"|
 +
'''[[:Category:OWASP_Project_Assessment#Alpha_Quality_Tool_Criteria|Apha Quality]]'''<br>[[:JSP Testing Tool Project - Assessment Frame|Please see here for complete information.]]
 +
| style="width:42%; background:#cccccc" align="center"|
 +
[http://code.google.com/p/owasp-jsp-testing-tool/ Google Code Home]
 +
| style="width:29%; background:#cccccc" align="center"|
 +
If any, add link here
 
  |}
 
  |}
 +
----
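Review bot: the header cell added in front of the [[User:Jason Li|'''Jason Li''']] cell is labelled '''Short Project Description''', replacing '''Email Contacts''', so the new table has two rows with the same label and the contact row is mislabelled. Rename it to match the cell's content, for example "Project Leader", which the old revision used inside that cell. In the rewritten description cell, the <ol><li> markup is opened but no closing </li></ol> appears on the line, and the old revision's closing sentences about the tool's input (the Tag Library Descriptor file plus the compiled tag library) and its per-attribute output report are no longer present. Close the list, and restore those sentences unless dropping them was intended. The release status link text "Apha Quality" should read "Alpha Quality".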

Latest revision as of 07:51, 16 March 2009


PROJECT IDENTIFICATION
Project Name: OWASP JSP Testing Tool Project
Short Project Description: The goal of this project is to create an easy-to-use, freely available tool that can be used to quickly ascertain the level of protection that each component of a JSP tag library offers. This information can serve two purposes:
  1. It provides a means for projects to create a coding standard. By identifying which components are safe or unsafe, a project can establish a preference order of usable components. For those components identified as unsafe, extra security requirements can be imposed on any pages using those components.
  2. It provides development guidance for tag library providers. Providers can target security enhancements to the components that are most susceptible to cross-site scripting attacks. They can also use these results to demonstrate their performance relative to other competing tag libraries. It also provides feedback for developers who create small custom tag libraries for internal development usage.
Short Project Description: Jason Li
Project Contributors: N/A
Mailing List: Subscribe here, Use here
License: New BSD License
Project Type: Tool
Sponsors: OWASP SoC 08

Release Status: Alpha Quality. Please see here for complete information.
Main Links: Google Code Home
Related Projects: If any, add link here