Difference between revisions of "Project Information:template Ruby on Rails Security Guide V2"

From OWASP
Jump to: navigation, search
Line 13: Line 13:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:mro(at)securenet.de '''Matthias Rohr''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:heikowebers(at)gmx.net '''Heiko Webers''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
  | style="width:14%; background:#cccccc" align="center"|[mailto:Owasp-XXXXXXXXXXXXXXXXX@lists.owasp.org '''Project Mailing List''']
+
  | style="width:14%; background:#cccccc" align="center"|[mailto:OWASP-Ruby-on-Rails-V2(at)lists.owasp.org '''Project Mailing List''']
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:to(at)change '''Rogan Dawes''']
+
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:steve.jones(at)unf.edu '''Steve Jones''']
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:ah@securenet.de '''Achim Hoffmann''']
+
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:jeff.cabaniss(at)gmail.com '''Jeff Cabaniss''']
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>[mailto:name(at)name '''Name&Email''']
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 25: Line 25:
 
  | style="width:100%; background:#cccccc" align="center"|
 
  | style="width:100%; background:#cccccc" align="center"|
 
* (If appropriate, links to be added)
 
* (If appropriate, links to be added)
 +
|}
 +
{| style="width:100%" border="0" align="center"
 +
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
 +
|-
 +
| style="width:100%; background:#cccccc" align="center"|
 +
[[:Category:OWASP Web Application Security Put Into Practice|OWASP Web Application Security Put Into Practice]]
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 30: Line 36:
 
  |-
 
  |-
 
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]  
 
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008|Sponsor - '''OWASP Summer of Code 2008''']]  
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications - Need Futher Clarifications#XXXXXXXXXXXXXXXXX|'''Sponsored Project/Guidelines/Roadmap''']]
+
  | style="width:50%; background:#cccccc" align="center"|[[OWASP Summer of Code 2008 Applications#The Ruby on Rails Security Guide v2|'''Sponsored Project/Guidelines/Roadmap''']]
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 42: Line 48:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
  | style="width:22%; background:#C2C2C2" align="center"|X  
 
  | style="width:22%; background:#C2C2C2" align="center"|X  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
  | style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template XXXXXXXXXXXXXXXXX - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
+
  | style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Ruby on Rails Security Guide V2 - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
 
  |-
 
  |-
 
  |}
 
  |}

Revision as of 05:39, 16 June 2008

PROJECT IDENTIFICATION
Project Name OWASP Ruby on Rails Security Guide V2
Short Project Description The last security guide for Rails was a great success, with a lot of more secure web applications and continued awareness in the community of security issues. The Ruby on Rails Security Project is the one and only source of information about Rails security topics, and I keep the community up-to-date with blog posts and conference talks in Europe. The Guide and the Project has been mentioned in several Rails books and web-sites.

Version 1 of the Ruby on Rails Security Guide was sponsored by the SpoC 07, set the standard for OWASP programming language specific guides in terms of the topic outline and has been published as a book. Nevertheless I'm convinced that a more compact design and a "question-and-answer" style of writing will reach an even larger audience. Of course the new Guide will still include answers to the OWASP Top Ten security vulnerabilities.

A lot has changed since the publishing of the first Guide. Some new security holes have been found, there are new advises and most importantly Rails version 2.0 has been released. The new Ruby on Rails Security Guide aims at providing an up-to-date coding and configuration guide for the Rails community.

Email Contacts Project Leader
Heiko Webers
Project Contributors
(if applicable)
Name&Email
Project Mailing List First Reviewer
Steve Jones
Second Reviewer
Jeff Cabaniss
OWASP Board Member
Name&Email
PROJECT MAIN LINKS
  • (If appropriate, links to be added)
RELATED PROJECTS

OWASP Web Application Security Put Into Practice

SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
Review/Reviewer Author's Self Evaluation
(applicable for Alpha Quality & further)
First Reviewer
(applicable for Alpha Quality & further)
Second Reviewer
(applicable for Beta Quality & further)
OWASP Board Member
(applicable just for Release Quality)
50% Review Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit:50% Review/Self-Evaluation (A)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50% Review/1st Reviewer (C)
Objectives & Deliveries reached?
Yes/No (To update)
---------
See&Edit: 50%Review/2nd Reviewer (E)
X
Final Review Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/SelfEvaluation (B)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/1st Reviewer (D)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See&Edit: Final Review/2nd Reviewer (F)
Objectives & Deliveries reached?
Yes/No (To update)
---------
Which status has been reached?
Season of Code - (To update)
---------
See/Edit: Final Review/Board Member (G)