
A Question on OWASP & Security in general

 
Joe Harry
Ranch Hand
Very recently I have started to work on JCE for one of the projects. I'm finding it very interesting as I'm learning new APIs and concepts. What does your OWASP in general have to do with security? As far as I understand from your website, it looks like you are trying to bring some standards for implementing security in webapps / standalone apps etc. Did I get that right? If yes, then who will be the standards authority? How does it all work?
 
Juan C Calderon
Owasp member
Greenhorn
I guess the first thing you will find useful is the Java (Security) Project at OWASP (http://www.owasp.org/index.php/Category:OWASP_Java_Project), where you will find a lot of valuable resources on securing Java applications, including a section on how to use JCE (http://www.owasp.org/index.php/Using_the_Java_Cryptographic_Extensions) or how to use secure hashes (http://www.owasp.org/index.php/Hashing_Java) and much more.

OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license." (from the OWASP main page). Therefore OWASP has dozens of documentation projects (including guidelines, standards, FAQs) and tools, and holds conferences all over the world to achieve this mission.

OWASP is the best known and most referenced institution in the world regarding application security, so I guess OWASP is the standard. Institutions like PCI, the US government and other EU institutions strongly suggest adherence to OWASP materials like the OWASP Top 10 (http://www.owasp.org/index.php/Top_10_2010) and ASVS (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project).

As the OWASP name implies, all materials and tools are Open Source, that is, you can use them, modify them and distribute them freely. Participating in a project can be as easy as emailing a project leader and getting your hands on the materials.

Regards,
Juan Carlos
 