Classic ASP Security Project

From OWASP

Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.

PROJECT IDENTIFICATION
Project Name	OWASP Classic ASP Security Project
Short Project Description	This project aims to create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries. More specifically: Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide . Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks. Addition of expression for Code Review Tool to support Classic ASP applications. Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI. This same module will compliment the OWASP Validation Documentation Project.
Email Contacts	Project Leader Juan C Calderon	Project Contributors (if applicable) Name&Email	Mailing List/Subscribe Mailing List/Use	First Reviewer Esteban Ribičić	Second Reviewer Andres Andreu	OWASP Board Member (if applicable) Name&Email

PROJECT MAIN LINKS
(If appropriate, links to be added)

SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008	Sponsored Project/Guidelines/Roadmap

ASSESSMENT AND REVIEW PROCESS
Review/Reviewer	Author's Self Evaluation (applicable for Alpha Quality & further)	First Reviewer (applicable for Alpha Quality & further)	Second Reviewer (applicable for Beta Quality & further)	OWASP Board Member (applicable just for Release Quality)
50% Review	Objectives & Deliveries reached? Yes --------- See&Edit:50% Review/Self-Evaluation (A)	Objectives & Deliveries reached? Yes --------- See&Edit: 50% Review/1st Reviewer (C)	Objectives & Deliveries reached? Yes --------- See&Edit: 50%Review/2nd Reviewer (E)	X
Final Review	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/SelfEvaluation (B)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D)	Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/2nd Reviewer (F)	X

Overview

Classic ASP 2.0 and 3.0 applications are still largely used as this technology is more than 10 years old and was largely used. there are thousands of sites on the wild that need guidance on the security arena. This is where OWASP can come up and provide help for “making the Web a better place” and continue spreading the word on security. I have always be a passionate of the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really exited on the idea of sharing my knowledge of this area to the world and what best that though OWASP.

Objectives

Create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries.

Deliverables and Progress

Activity	Status
Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide.	In Progress - 50%
Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks	Done - Jun 8, 2008
Addition of expression for Code Review Tool to support Classic ASP applications	Done - Jun 12, 2008
Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.	Done - Aug 3rd, 2008
This same module will compliment the OWASP Validation Documentation Project.	Done - Aug 7th, 2008