OWASP Backend Security Project


Jan 31, 2013

OWASP Backend Security Project

Carlo Pelliccioni
Backend Security Project leader
carlo.pelliccioni@gmail.com

Who am I

OWASP Italy active member
OWASP Testing Guide v2.0 contributor
OWASP Backend Security Project leader
Penetration Tester @ Symantec
Web Application Security trainer

Overview

The OWASP Backend Security Project is an OWASP project entirely dedicated to
the core of web applications: their backend components.

Several contributors (developers, system integrators and security testers)
have worked together to reach this aim: a beta-quality guide composed of
three security-oriented sections: Development, Hardening and Testing.









Objectives (1/2)

The aim of this OWASP project is to create a new guide that allows
developers, administrators and testers to understand every part of the
security process for the backend components that communicate directly with
web applications, such as databases, LDAP directories, etc.

In this version (v1.0 beta) we focused on creating new topics and collecting
the information already on the OWASP wiki, to reach the objectives defined
during the first phase of the Summer of Code 2008.


Objectives (2/2)

Overview
Create a section with an introduction to the project (a high-level
description) explaining its main goals.

Development
Include the writings already existing on the OWASP wiki concerning
PHP, Java and ASP.NET, and extend the project's sections with new content.

Hardening
Create new guidelines on DBMS hardening.

Testing
Include the writings already existing on the OWASP wiki about security
testing, and create new articles about security testing.


Status and Future Steps

Beta Quality v1.0 (Summer of Code 2008)

Security development (new articles)
Java
PHP
.NET

Security hardening (only DBMS in this version / new articles)
Oracle
SQL Server
DB2
MySQL
PostgreSQL

Security testing (several articles from Testing Guide v3.0 / new articles)
DBMS Fingerprinting
Oracle
MySQL
PostgreSQL
LDAP

Release Quality v2.0 (Winter of Code 2009?)

Improve the existing sections.
Add new topics...

...some ideas?


Closing

Contributors:
Daniele Bellucci
Erik Sonnleitner
Francesco Perna
Giuseppe Gottardi
Guido Landi
Guido Pederzini
Maurizio Agazzini
Massimo Biagiotti
Pasquale de Rinaldis

Reviewers:
Esteban Ribičić
Josh Sweeney