Projects/OWASP ASIDE Project

Revision as of 18:57, 4 September 2014 by Jun Zhu (talk | contribs) (Description)

Jump to: navigation, search
OWASP Project Header.jpg


OWASP ASIDE is led by [Jun Zhu] and Bill Chu. Other major contributors include [Jing Xie], Heather Richter Lipford, Tyler Thomas, John Melton & Will Stranathan.

We have presented our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities at AppSec USA 2012. You can view and download our presentation here.
We have presented our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation here.


ASIDE is an abbreviation for Application Security plugin for Integrated Development Environment. It is an Eclipse Plugin which is a software tool primarily designed to help developers write more secure code by detecting and identifying potentially vulnerable code and providing informative fixes during the construction of programs in IDEs.


ASIDE currently has three prototype implementations: ASIDE CodeRefactoring for Education, ASIDE CodeAnnotate which consists of two implementations, ASIDE JavaCodeAnnotate and ASIDE PHPCodeAnnotate.

ASIDE CodeRefactoring for Education is an Eclipse plugin that aims to detect root cause of vulnerabilities that are caused by untrusted inputs get in to the application and be consumed without validation, and provide interactive code refactoring support for students and professional developers to learn secure programming practices and write more secure code.

ASIDE CodeAnnotate is another Eclipse plugin which deals with a different class of vulnerabilities that are more application logic specific. Specifically, it is aimed at addressing CSRF and broken access control issues while the developers are writing their code.

An older version of ASIDE DEMO shows you earlier design and implementation of CodeRefactoring, if you are interested in knowing. You will need Adobe Flash to display it.

Research Activities

1. Jun Zhu, Jing Xie, Heather Richter Lipford, and Bill Chu, Supporting Secure Programming in Web Applications through Interactive Static Analysis, In Journal of Advanced Research, Elsevier, December, 2013.

2. Jun Zhu, Heather Richter Lipford, and Bill Chu, Interactive Support for Secure Programming Education, In Proceedings of ACM Technical Symposium on Computer Science Education (SIGCSE), March 6-9, 2013, Denver, Colorado, USA

3. Jing Xie, Heather Richter Lipford, and Bill Chu, Evaluating Interactive Support for Secure Programming, In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI), May 2012, Austin, Texas, USA

4. Jing Xie, Bill Chu, Heather Richter Lipford, and John T. Melton, ASIDE:IDE Support for Web Application Security, In Proceedings of 27th Annual Computer Security Applications Conference (ACSAC), December 5–9, 2011, Orlando, FL, USA

5. Jing Xie, Heather Richter Lipford, and Bill Chu, Why do programmers make security errors?, In Proceedings of IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC), September 18–22, 2011, Pittsburgh, PA, USA

6. Jing Xie, Bill Chu, and Heather Richter Lipford Interactive Support for Secure Software Development, In Proceedings of Engineering Secure Software and Systems Third International Symposium (ESSoS), February 2011, Madrid, Spain


OWASP ASIDE is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is ASIDE?

OWASP ASIDE provides:

  • Interactive Static Analysis support to developers in Eclipse IDE (for Java and PHP) to detect and mitigate software vulnerabilities in the code
  • Interactive Secure Programming Education opportunities in IDE for students as well as professional developers to help them write more secure code as well as learn best secure programming practices


1. Our talk Using Interactive Static Analysis for Early Detection of Software Vulnerabilities at AppSec USA 2012. You can view and download our presentation.

2. Our talk Secure Programming Support in IDE at AppSec USA 2011 in Minneapolis. You can view and download our presentation.

Project Leaders

[Jun Zhu], Bill Chu

Related Projects


Quick Download

  • Link to page/download

Email List

Project Email List:

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1

In Print



New projects.png Owasp-builders-small.png
Project Type Files CODE.jpg


XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx


  • xxx
  • xxx

As of XXX, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: N/A
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
last reviewed release

other releases