[Java-project] [Owasp-leaders] Restart of the OWASP Java Project

[Dave Wichers]

I think this is a great idea and your approach sounds good to me, although
potentially too ambitious. But I don't know how much time you have to invest
or whether you can get enough other people to help you out. Hopefully you
can build a community of contributors around this vision and tackle all of
these tasks.

 

Thanks for agreeing to reinvigorate/relaunch this project.

 

-Dave

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Matthias Rohr
Sent: Wednesday, March 02, 2011 12:24 PM
To: java-project at lists.owasp.org
Cc: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Restart of the OWASP Java Project

 

Hi all,

As some of you might already know, at this years OWASP Summit I pitched in
as new project leader for the OWASP Java Project. I was not that active the
last years in this project, so I'm sorry if I should missed some discussions
here. I will, however, do my best to really bring this project forward.
First of all I must say, that those who have worked on this project have
done an absolutelly great job! From my point of view, the vision for this
page (if not already) should be to create the central landing page on the
Web for all Java users (developers, architects & co.) interested in Web
security.

For this to work I'd suggust a few improvements and I'd loved to hear any
ideads you might have in mind as well!

1. Align the page with other Java-related OWASP projects like ESAPI,
Webgoat, ASVS (including a new chapter:  "OWASP J2EE Related Projects")
2. Priorize work on missing content
3. Implement a J2EE/Java EE Secure Coding Guideline based on ESAPI, ASVS
and/or the Quick Reference Guide.
4. Set-up a comparision of security aspects of web frameworks such like
struts2, spring mvc, jsf, gwt, etc. 
5. Set-up a comparision of security aspects of templating technologies such
as jsp, velocity, tiles, etc.
6. Should we use the term "Java EE" instead of "J2EE"?

Lastly, I talked with Daniel Brzozowski, the project leader of the OWASP
.NET Project. We both agreed, that it would be highly valuable, to try to
implement the same structure in both projects. Therefore, I'd like to
sugguest to integrate the following additional topics into the Java Project:

7.  J2EE Incidents 
8.  OWASP J2EE Research  
9.  OWASP Top10 for J2EE

What do you think about these ideas? Any other input or ideas? 

- Matthias

-- 
Matthias Rohr
OWASP Java Project Leader, http://www.owasp.org/index.php/OWASP_Java_Project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/java-project/attachments/20110302/d445e8b7/attachment.html