Difference between revisions of "Projects/OWASP VaultDB Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:Project About
 
{{Template:Project About
 
| project_name =OWASP VaultDB Project
 
| project_name =OWASP VaultDB Project
| project_description =VaultDB is a secure NoSQL database management system (DBMS) for modern applications. It supports multi-recipient encryption, table-level encryption, group encryption and comes loaded with a strong cryptosystem.
+
| project_description =VaultDB is a multi-recipient cryptosystem and encrypted document store for LAMP (Linux, Apache, MySQL, PHP) based web applications. This framework provide everything you need for storing encrypted documents inside a custom MySQL database. VaultDB also comes with a secure user login and authentication mechanism designed to avoid common security and cryptographic pitfalls.
  
VaultDB adds automatic transparent encryption to your application's data at the table/document level. Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside your prefered DBMS for storage.
+
VaultDB adds automatic transparent encryption to your application's data at the table/document level. Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside a custom MySQL database for storage.
 
+
It's design is made to provide developers with a solid method for integrating strong cryptography inside applications and databases, secure data using NoSQL-like transactions while avoiding encryption design flaws.
+
 
+
Cryptography is hard and implementation mistakes can quickly render any encryption scheme useless and insecure.
+
 
+
VaultDB was designed with these facts in mind and aim at ensuring proper security through open verifiability of it's cryptosystem's implementation.
+
  
 +
It's design is made to provide developers with a solid method for integrating strong cryptography inside web applications and secure data using NoSQL-like transactions.
  
 
----
 
----

Revision as of 16:07, 21 January 2014

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP VaultDB Project
Purpose: VaultDB is a multi-recipient cryptosystem and encrypted document store for LAMP (Linux, Apache, MySQL, PHP) based web applications. This framework provide everything you need for storing encrypted documents inside a custom MySQL database. VaultDB also comes with a secure user login and authentication mechanism designed to avoid common security and cryptographic pitfalls.

VaultDB adds automatic transparent encryption to your application's data at the table/document level. Instead of using it's own internal storage engine, VaultDB stores the encrypted data inside a custom MySQL database for storage.

It's design is made to provide developers with a solid method for integrating strong cryptography inside web applications and secure data using NoSQL-like transactions.



This project can protect your application from 4 out of 10 critical security risks in the OWASP Top Ten Most Critical Web Application Security Risks from OWASP_Top_Ten_Project.

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly A3)
  • A5 Security Misconfiguration (was formerly A6)
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)




Home page : VaultDB

Online repo : Github



License: Modified BSD, 3-clause License (we recommend you consider Apache 2.0 instead of this licnese. It is more up-to-date and provides a little more protection from software patent lawsuits)
who is working on this project?
Project Leader(s):
  • Maxime Labelle @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Maxime Labelle @ to contribute to this project
  • Contact Maxime Labelle @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases