Difference between revisions of "Project Information:template Ruby on Rails Security Guide V2"

 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
----
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
 
  ! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''  
Line 13: Line 14:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:heikowebers(at)gmx.net '''Heiko Webers''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:thesp0nge@owasp.org '''Paolo Perego''']
 
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
 
  | style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
 
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-ruby-on-rails-v2 '''Subscribe here''']<br>[mailto:OWASP-Ruby-on-Rails-V2(at)lists.owasp.org '''Use here''']
 
  | style="width:10%; background:#cccccc" align="center"|Mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-ruby-on-rails-v2 '''Subscribe here''']<br>[mailto:OWASP-Ruby-on-Rails-V2(at)lists.owasp.org '''Use here''']
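Review bot: The new Project Leader cell publishes a plain address (`mailto:thesp0nge@owasp.org`), while the line it replaces and the Mailing List cell in the same row use the `(at)` obfuscation. If the obfuscation is the table's convention against address harvesting, write the new link the same way; if it is being retired, change the other cells in the same edit so the row stays consistent.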
Line 26: Line 27:
 
  |-
 
  |-
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
'''[[:Category:OWASP_Project_Assessment#Release Quality Documentation Criteria|Release Quality]]'''<br>[[:OWASP Ruby on Rails Security Guide V2 - Assessment Frame|Please see here for complete information.]]
+
[[:Category:OWASP_Project_Assessment#Release Quality Documentation Criteria|'''Release Quality''']]<br>[[:OWASP Ruby on Rails Security Guide V2 - Assessment Frame|Please see here for complete information.]]
 
  | style="width:42%; background:#cccccc" align="center"|
 
  | style="width:42%; background:#cccccc" align="center"|
OWASP The Ruby on Rails Security Guide V.2: [http://www.owasp.org/images/9/9d/Owasp_rails_security2.pdf '''PDF'''] & '''Word''' files<br>OWASP The Ruby on Rails Security Guide V.2 - [https://www.owasp.org/images/3/32/Rails_security_2_presentation.pdf '''PDF Presentation''']
+
OWASP Ruby on Rails Security Guide V.2: [https://www.owasp.org/images/8/89/Rails_Security_2.pdf '''PDF''']&[https://www.owasp.org/images/d/d4/Rails_Security_2.doc '''Word'''] - NEW RELEASE!<br>[https://www.owasp.org/images/3/32/Rails_security_2_presentation.pdf '''PDF Presentation''']
 
  | style="width:29%; background:#cccccc" align="center"|
 
  | style="width:29%; background:#cccccc" align="center"|
[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
+
[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]<br>[[:Category:OWASP Testing Project|OWASP Testing Project]]
|}
+
 
+
 
+
 
+
 
+
{| style="width:100%" border="0" align="center"
+
! colspan="8" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
+
| colspan="7" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Ruby on Rails Security Guide V2'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
+
| colspan="6" style="width:85%; background:#cccccc" align="left"|The last security guide for [[:Category:OWASP Web Application Security Put Into Practice|Rails]] was a great success, with a lot of more secure web applications and continued awareness in the community of security issues. The [http://www.rorsecurity.info/ Ruby on Rails Security Project] is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project has been mentioned in several Rails books and web-sites.
+
 
+
Version 1 of the Ruby on Rails Security Guide was sponsored by the SpoC 07, set the standard for OWASP programming language specific guides in terms of the topic outline and has been published as a [http://www.lulu.com/content/1412042 book]. Nevertheless I'm convinced that a more compact design and a "question-and-answer" style of writing will reach an even larger audience. Of course the new Guide will still include answers to the OWASP Top Ten security vulnerabilities.
+
 
+
A lot has changed since the publishing of the first Guide. Some new security holes have been found, there are new advises and most importantly Rails version 2.0 has been released. The new Ruby on Rails Security Guide aims at providing an up-to-date coding and configuration guide for the Rails community. 
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Project key Information'''
+
| style="width:15%; background:#cccccc" align="center"|Project Leader<br>[mailto:heikowebers(at)gmx.net '''Heiko Webers''']
+
| style="width:15%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)
+
| style="width:14%; background:#cccccc" align="center"|mailing List<br>[https://lists.owasp.org/mailman/listinfo/owasp-ruby-on-rails-v2 '''Mailing List/Subscribe here''']<br>[mailto:OWASP-Ruby-on-Rails-V2(at)lists.owasp.org '''Use here''']
+
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:mendrel-a-gmail.com '''Anthony Shireman''']<br>[[:OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Anthony Shireman Background|Bio]]
+
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:jons0022-at-unf.edu '''Steve Jones''']<br>[[:OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Steve Jones Background|Bio]]
+
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>[mailto:name(at)name '''Name&Email''']
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
* [http://www.owasp.org/images/9/9d/Owasp_rails_security2.pdf '''Download The Ruby on Rails Security Guide version 2''']
+
* [https://www.owasp.org/images/3/32/Rails_security_2_presentation.pdf PDF Short Presentation]
+
* (If appropriate, links to be added)
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
+
|-
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]
+
| style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#The Ruby on Rails Security Guide v2|'''Sponsored Project/Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes, completed by 80%'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes, updating formatting for final'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
+
| style="width:22%; background:#C2C2C2" align="center"|X
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>Yes, 100%.<br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes!''' <br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes''' <br>---------<br>Which status has been reached?<br>'''Release Quality'''<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
+
|-
+
 
  |}
 
  |}
 +
----
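Review bot: The added block introduces a second PROJECT IDENTIFICATION table whose Project Leader cell still reads `[mailto:heikowebers(at)gmx.net '''Heiko Webers''']`, although the earlier hunk changes that cell to Paolo Perego. Its PROJECT MAIN LINKS entry also still points at `images/9/9d/Owasp_rails_security2.pdf`, while the Main Links cell above was moved to `images/8/89/Rails_Security_2.pdf`. Either update both values in the added tables or drop the duplicated block, so readers are not sent to the superseded PDF and the superseded contact.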

Latest revision as of 18:21, 29 August 2013


PROJECT IDENTIFICATION
Project Name: OWASP Ruby on Rails Security Guide V2
Short Project Description: The last security guide for Rails was a great success, with a lot of more secure web applications and continued awareness in the community of security issues. The Ruby on Rails Security Project is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project have been mentioned in several Rails books and websites.

Version 1 of the Ruby on Rails Security Guide was sponsored by the SpoC 07, set the standard for OWASP programming language specific guides in terms of the topic outline and has been published as a book. Nevertheless I'm convinced that a more compact design and a "question-and-answer" style of writing will reach an even larger audience. Of course the new Guide will still include answers to the OWASP Top Ten security vulnerabilities.

A lot has changed since the publishing of the first Guide. Some new security holes have been found, there is new advice and, most importantly, Rails version 2.0 has been released. The new Ruby on Rails Security Guide aims at providing an up-to-date coding and configuration guide for the Rails community.

Project key Information
Project Leader: Paolo Perego
Project Contributors: (if applicable)
Mailing List: Subscribe here, Use here
License: Creative Commons Attribution Share Alike 3.0
Project Type: Documentation
Sponsor: OWASP SoC 08

Release Status: Release Quality (Please see here for complete information.)
Main Links: OWASP Ruby on Rails Security Guide V.2: PDF & Word - NEW RELEASE!; PDF Presentation
Related Projects: OWASP Web Application Security Put Into Practice; OWASP Testing Project