[OWASP_PHPSEC] Hi Team

rahul chaudhary rahul300chaudhary400 at gmail.com
Wed Jul 24 15:11:16 UTC 2013


What we are building is purely for developers. We do not want to impose
anything to them. So, we just want to create functions that they can use.
e.g.function to set headers or setting pragma and all that. How they use
these functions is up to them.

So, they will not include this file at the top by default. They will only
include it, if they want to use this functions.

And yes, since this is for developers, every page will be on server.

Please remember, we DO NOT want to make every page secure by default by
imposing this library. The developers will use the functions wherever they
feel is necessary.


On Tue, Jul 23, 2013 at 6:04 PM, Mohamad A <m.azmath at gmail.com> wrote:

> Thanks Rahul,
>
> I will have a look at the libraries. Cache Library would be interesting
> one to work on.
>
> As per my understanding from
> https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Browser_Cache
>
> We need to develop a library which will check for HTTP version and add the
> appropriate directive in response headers.
> Also at the end of the page for Pragma directive.
>
> Question : I assume that this library is sitting at server and every
> request by user to page will be scanned and appropriate response headers
> will be added. Is this right ?
>
> Example : Users in their application has to include this library,  say
> include('thislibrary) in index.php at top.
>
> Thanks,
> Azmath Mohamad
>
>
>
> On Tue, Jul 23, 2013 at 8:09 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> Hello Azmath,
>>
>> Its nice to know that more professionals like you are willing to
>> contribute on this project. Welcome abord.
>>
>> Here are all our codes:
>> https://github.com/OWASP/phpsec
>>
>> Here is the library list:
>>
>> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/rash805115/1
>>
>> Basically we are trying to build independent libraries for assisting
>> developers to generate secure codes in their projects. We have managed to
>> make some stand-alone libraries. Please look at them and you can suggest
>> some changes. Or, you may choose a new library that is not done, such as
>> secure cache library and start working on it. You may post your findings in
>> this list. We will all try to help as much as we can on the go.
>>
>>
>> On Tue, Jul 23, 2013 at 8:25 AM, Mohamad A <m.azmath at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I am Azmath Mohamad, currently working in Bangalore having 10+ yrs of
>>> php exp.
>>> Would like to support the project and team.
>>>
>>> Can someone please guide me to the  functionality/modules list we are
>>> trying to achieve.
>>>
>>> --
>>> Thanks & Regards,
>>> M.Azmath
>>>
>>> /********************************************************************/
>>> linkedin : http://www.linkedin.com/profile/view?id=16937671
>>> blog : http://mohamadazmath.blogspot.in
>>> twitter : https://twitter.com/mohamadazmath
>>> facebook : https://www.facebook.com/mohamadazmath
>>>  GitHub : https://www.github.com/mohamadazmath<https://www.facebook.com/mohamadazmath>
>>> /********************************************************************/
>>>
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>
>>>
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>
>
>
> --
> Thanks & Regards,
> M.Azmath
>
> /********************************************************************/
> linkedin : http://www.linkedin.com/profile/view?id=16937671
> blog : http://mohamadazmath.blogspot.in
> twitter : https://twitter.com/mohamadazmath
> facebook : https://www.facebook.com/mohamadazmath
> /********************************************************************/
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130724/eea4e670/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list