[Owasp-leaders] New Categories for OWASP Projects -Tools/Code - Your Feedback

Noreen Whysel noreen.whysel at owasp.org
Mon May 11 14:32:03 UTC 2015


Would you consider running a card sort? Ask members to sort the project list based on open (they choose) and closed (we choose) categories? There are online tools like trello.com and Optimal Sort that make the task easy. Optimal Sort provides statistics, but it is not free. You could also run it as a team activity at AppSecEU with colored post it notes.

Noreen Whysel
Community Manager
OWASP Foundation

> On May 11, 2015, at 9:00 AM, Munir Njiru <munir.njiru at owasp.org> wrote:
> 
> A finer detail would be detailed tags. Looking at it from a user perspective, it would be nice if tags also covered what they can be used for, e.g. SQL Injection, XSS, etc.; most people search on this aspect.
> 
> Munir Njenga,
> OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
> Mob   (KE) +254 (0) 734960670
> 
> =============================
> Chapter Page: www.owasp.org/index.php/Kenya
> Email: munir.njiru at owasp.org
> Facebook: https://www.facebook.com/OWASP.Kenya
> Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
> 
> 
>> On Mon, May 11, 2015 at 3:57 PM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>> Simon, I'll incorporate your change. My idea is to make a 'searchable' data of projects out of this info
>> Easier for users looking for information about OWASP projects
>> 
>> Regards
>> 
>> Johanna
>> 
>>> On Mon, May 11, 2015 at 5:45 AM, psiinon <psiinon at gmail.com> wrote:
>>> Hi Johanna,
>>> 
>>> Thanks for doing this, I think it will be very helpful.
>>> 
>>> Minor feedback - I'd recommend either using a short description OR keywords / tags, or having separate columns for them.
>>> My preference would be for tags (or separate columns) as they are then easier for cross-linking, eg for ZAP: "Proxy", "Attack", "Vulnerability Scanner".
>>> 
>>> Cheers,
>>> 
>>> Simon
>>> 
>>> 
>>>> On Sun, May 10, 2015 at 1:47 AM, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
>>>> Hi All
>>>> 
>>>> I have been working on categorising the OWASP projects based on the kind of tool/code library and programming language used
>>>> 
>>>> I would like very much your feedback and ideas on the kind of categories
>>>> 
>>>> We do not want to make it too granular, feel free to reply
>>>> 
>>>> Regards
>>>> 
>>>> Johanna Curiel
>>>> Project Review Team Leader
>>>> 
>>>> Code/Tools	Maturity Level	Programming language written	Keywords/short description
>>>> Vulnerable Websites/Vulnerability training apps			
>>>> WebGoat	LAB	Java	Vulnerabilities Java Learning
>>>> WebGoatPHP	Incubator	PHP	Vulnerabilities learning PHP
>>>> WebGoat.NET	Incubator	.NET	Vulnerabilities learning .NET
>>>> OWASP Hackademic Challenges Project	LAB	Java	Vulnerabilities Java Learning
>>>> OWASP Security Shepherd	LAB	Java	Vulnerabilities Java Learning
>>>> OWASP iGoat	Incubator	Objective C	Vulnerabilities Android Mobile
>>>> OWASP Bricks	Incubator	PHP	Vulnerabilities learning PHP
>>>> OWASP Mutillidae 2	Incubator	PHP	Vulnerability app
>>>> OWASP SeraphimDroid	Incubator	Java	Vulnerabilities Android Mobile
>>>> OWASP Node js Goat	Incubator	Javascript/Node.js framework	Vulnerabilities Node.js
>>>> OWASP Faux Bank Project	Incubator	ASP	Vulnerabilities Banking app
>>>> Pen testing tools			
>>>> OWASP Zed Attack Proxy	Flagship	Java	attack proxy
>>>> OWASP OWTF	Flagship	JavaScript/HTML/CSS	attack application layer
>>>> O-Saft	LAB	Perl/Command line	verification SSL
>>>> OWASP Web Testing Environment Project	Flagship	Virtual Machine with multiple owasp tools	testing framework
>>>> OWASP EnDe	LAB	Javascript/HTML/CSS	Decoder Encoder
>>>> OWASP Dependency Check	Flagship	Java plugin	Control vulnerabilities dependencies in libraries
>>>> OWASP Passfault	LAB	PHP	Password weaknesses crack control
>>>> OWASP Xenotix XSS Exploit Framework	LAB	Javascript/HTML/CSS	XSS attacks testing
>>>> OWASP Mantra Security Framework	LAB	Distribution	testing framework
>>>> OWASP Mantra OS	Incubator	Attack Platform OS Ubuntu	Attack platform
>>>> OWASP Bywaf	Incubator	Python	Attack Web layer
>>>> OWASP NINJA PingU Project	Incubator	C	Ping Utility
>>>> OWASP SQLiX	Incubator	Perl	Scanner Attacks
>>>> 
>>>> OWASP Pyttacker	Incubator	Python	Reporting pen testing results
>>>> OWASP HTTP POST Tool	Incubator	C++	Load testing web application
>>>> OWASP Rainbow Maker	Incubator	Python	Crack hashes
>>>> OWASP Wapiti Project	Incubator	Python	Web Vulnerability Scanner attack
>>>> OWASP Droid10	Incubator	Java	Android web vulnerability scanner
>>>> OWASP Droid	Incubator	Java	Android web vulnerability scanner
>>>> Static Analysis Tools/Libraries			
>>>> OWASP O2 Platform	LAB	.NET	Static analysis
>>>> OWASP Dependency Track Project	LAB	Java	Track code vulnerabilities
>>>> OWASP WAP	Incubator	PHP	Static analysis/Protection against attacks
>>>> OWASP SonarQube	Incubator	Java plugins	Static Analysis check vulnerabilities
>>>> Dependency check in libraries - tools			
>>>> WebGoat Benchmark	Incubator	Java	Track code vulnerabilities
>>>> OWASP Python Security Project	Incubator	Python	Code analysis Python libraries vulnerabilities
>>>> OWASP Encoder Comparison	Incubator	Javascript/HTML/CSS	Encoder ASCII ESAPI
>>>> OWASP JSEC CVE	Incubator	Java	Common vulnerabilities check
>>>> Protection against vulnerabilities - Sanitizer tools			
>>>> OWASP Java HTML Sanitizer Project	Incubator	Java	Sanitizer Input validation
>>>> OWASP WebSpa	Incubator	Java	Port knocking
>>>> Protection against vulnerabilities - Security code libraries			
>>>> OWASP ModSecurity Core Rule Set Project	Flagship	Configuration files Apache	Mod security Apache rules Web Firewall
>>>> OWASP CSRFGuard Project	Flagship	Java library	Protection against CSRF attacks
>>>> OWASP AppSensor Project	Flagship	Java library	Protection vulnerabilities Secure development
>>>> OWASP Enterprise Security API	LAB	Java library	Protection vulnerabilities Secure development
>>>> OWASP Java Encoder Project	Incubator	Java library	Protection vulnerabilities Secure development
>>>> OWASP Java File I/O Security Project	Incubator	Java library	Protection vulnerabilities Secure development
>>>> OWASP iMAS - iOS Mobile Application Security Project	Incubator	Objective C	IOS mobile Sanitise code Protection vulnerabilities
>>>> OWASP PHP Security Project	Incubator	PHP library	Protection vulnerabilities Secure development
>>>> OWASP File Format Validation Project	Incubator	BIL language	Check file validation format
>>>> OWASP Security Logging Project	Incubator	Java library	Reporting logging security issues/events
>>>> OWASP PHPRBAC Project	Incubator	PHP library	Role Based Access Control Library
>>>> Software Testing and Development tools			
>>>> OWASP Secure TDD	Incubator	.NET	Test driven development
>>>> OWASP XSecurity	Incubator	Objective C	IOS secure development
>>>> OWASP ASIDE	Incubator	Java/PHP	Secure development
>>>> OWASP Code Pulse	LAB	.NET	Code Coverage revision
>>>> Forensic analysis tools			
>>>> OWASP iOSForensic	Incubator	Python	IOS Forensic analysis
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> 
>>> 
>>> -- 
>>> OWASP ZAP Project leader
>> 