A Question on OWASP & Security in general

Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9390

Very recently I have started to work on JCE for one of the projects. I'm finding it very interesting as I'm learning new APIs and concepts. What does your OWASP in general have to do with security? As far as I understand from your website, it looks like you are trying to bring some standards for implementing security in webapps / standalone apps etc. Did I get that right? If yes, then who will be the standards authority? How does it all work?


SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
Juan C Calderon
Owasp member
Greenhorn

Joined: Feb 08, 2011
Posts: 4
I guess the first thing you will find useful is the Java (Security) Project at OWASP (http://www.owasp.org/index.php/Category:OWASP_Java_Project), where you will find a lot of valuable resources on securing Java applications, including a section on how to use JCE (http://www.owasp.org/index.php/Using_the_Java_Cryptographic_Extensions) or how to use secure hashes (http://www.owasp.org/index.php/Hashing_Java) and much more.

OWASP's mission is "to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license." (from the OWASP main page). Therefore OWASP has dozens of documentation projects (including guidelines, standards, FAQs) and tools, and holds conferences all over the world to achieve this mission.

OWASP is the most known and referenced institution in the world regarding application security, so I guess OWASP is the standard. Institutions like PCI, the US government and other EU institutions strongly suggest adherence to OWASP materials like the OWASP Top 10 (http://www.owasp.org/index.php/Top_10_2010) and ASVS (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project).

As the OWASP name implies, all materials and tools are Open Source, that is, you can use them, modify them and distribute them freely. Participating in a project can be as easy as emailing a project leader and getting your hands on the materials.

Regards,
Juan Carlos
 