Difference between revisions of "Projects/OWASP Alchemist Project"

From OWASP
 
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Template:Project About
+
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>Project About</noinclude>
 
| project_name = OWASP Alchemist Project
 
| project_name = OWASP Alchemist Project
 
| project_home_page =:OWASP Alchemist Project
 
| project_home_page =:OWASP Alchemist Project
Line 5: Line 5:
 
| project_description =
 
| project_description =
  
*A large majority of software projects do not incorporate security from the word go. Alchemist intends to help solve this conundrum, by enabling a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws. Alchemist is focused to present this solution by way of architecting a real-life high stakes software application in J2EE (Spring/Struts) with security built into it right from the inception, step-by-step as it falls under an SDLC. Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
+
Alchemist enables a software development team in realization of highly secure and defensible application with built-in defenses/controls against security‐related design, coding and implementation flaws.  
**Security Requirements,
+
 
**Threat Risk Modeling,
+
Alchemist is focused to present this solution by architecting a real-life high stakes application with security built into it right from the inception, step-by-step as it falls under an SDLC. The current exercise is targeted at demonstrating this on a J2EE based web application that is developed using Spring framework. Spring framework was chosen due to its widespread adoption in the financial products. However, it is important note that Alchemist is not limited to J2EE or more specifically Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or are done in bits and pieces by picking a well known widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.
**Use and Abuse Cases,
+
 
**Secure Coding Guideline,
+
Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution to retrofit security into existing applications. It is aimed at offering more to applications that are at least in development, most in design phase. Allowing for language-specific differences, Alchemist builds this application with a strong foundation of security architecture that covers following main practices:
 +
 
 +
*Security Requirements
 +
*Threat Risk Modeling
 +
*Use and Abuse Cases
 +
*Secure Coding Guideline
  
 
| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]
 
| project_license = [http://www.gnu.org/licenses/#GPL GNU General Public License]
  
| leader_name1 = Bishan Singh
+
| leader_name1 = Naveen Rudrappa
| leader_email1 = c70n3r@gmail.com
+
| leader_email1 = naveen.rudrappa@owasp.org
| leader_username1 = Bishan Singh
+
| leader_username1 = Naveen Rudrappa
  
| leader_name2 = Chandrakanth Narreddy
+
| leader_name2 = Chandrakanth Reddy Narreddy
 
| leader_email2 = chandra.kanth@hotmail.com
 
| leader_email2 = chandra.kanth@hotmail.com
| leader_username2 =  
+
| leader_username2 = Chandrakanth Reddy Narreddy
  
| leader_name3 = Naveen Rudrappa
+
| leader_name3 = Bishan Singh
| leader_email3 = Naveen.rudra02@gmail.com
+
| leader_email3 = Bishan.Singh@owasp.org
| leader_username3 =  
+
| leader_username3 = Bishan Singh
  
 
| contributor_name[1-10] =  
 
| contributor_name[1-10] =  
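Review bot: the added project_description paragraph contains "it is important note that Alchemist is not limited to J2EE", which is missing "to", and the carried-over sentence "at least in development, most in design phase" is still ambiguous about whether design-phase applications are the main target; both should be fixed in this revision. In the leader fields, leader_email1 and leader_email3 move to owasp.org addresses while leader_email2 stays on a personal hotmail.com address, so consider making the contact addresses consistent.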
Line 39: Line 44:
 
| links_url[1-10] =  
 
| links_url[1-10] =  
 
| links_name[1-10] =  
 
| links_name[1-10] =  
| release_1 = Alchemist 1.0
+
| release_1 = Alchemist Secure J2EE Spring v1.0
 
| release_2 =  
 
| release_2 =  
 
| release_3 =
 
| release_3 =
 
| release_4 =
 
| release_4 =
 +
<!--- The line below is for GPC usage only. Please do not edit it --->
 +
| project_about_page = Projects/OWASP Alchemist Project
 
}}
 
}}

Latest revision as of 12:16, 18 April 2011

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Alchemist Project (home page)
Purpose: Alchemist enables a software development team to realize a highly secure and defensible application with built-in defenses/controls against security-related design, coding and implementation flaws.

Alchemist presents this solution by architecting a real-life, high-stakes application with security built in from inception, step by step through the SDLC. The current exercise demonstrates this on a J2EE-based web application developed using the Spring framework. Spring was chosen due to its widespread adoption in financial products. However, it is important to note that Alchemist is not limited to J2EE or, more specifically, the Spring framework. The idea is to demonstrate the upper spectrum of security practices that are often neglected or done in bits and pieces, by picking a well-known, widely adopted technology. Since the emphasis is on security architecture and defensibility, the future road-map is to demonstrate the same for applications built using other leading programming languages and frameworks.

Although this project is more than useful for existing/already developed applications, Alchemist is not the ideal solution for retrofitting security into existing applications. It is aimed at offering more to applications that are at least in development, and most to those in the design phase. Allowing for language-specific differences, Alchemist builds this application on a strong foundation of security architecture that covers the following main practices:

  • Security Requirements
  • Threat Risk Modeling
  • Use and Abuse Cases
  • Secure Coding Guideline
License: GNU General Public License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: View
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Alchemist Secure J2EE Spring v1.0 - 13th January 2011 - (no download available)
Release description: A real-world banking application with 5 dynamic pages.
Rating: Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases