OWASP Focus

= Main = The goal of this project is to build a secure applications framework based off of JAVA and .NET architectures but written in javascript utilizing DOM and json as its foundation. This will allow JAVA and .NET programmers the ability to use their current programming methodologies via javascript .js files. See the Roadmap OWASP Focus Roadmap for more information on our plans.

Web Security Overview
While Java and .NET contain many security technologies for back-end development, it has not been so easy for back-end programmers to produce flexible front-end application without security vulnerabilities. Most application security vulnerabilities apply to developers not being able to code the front-end the same as the back-end with consistent coding methodologies. Notable this is because they are using different API frameworks for coding back-end (JAVA) verses front-end (JavaScript json/dom).

There are a lot of articles with tons of information regarding JavaScript and web UI programming vulnerabilities here at OWASP, however, this project is intended to provide a set of client side API's familiar to JAVA and .NET programmers along with built in OWASP best practices. This will enable them to write more secure code with little or no vulnerabilities.

= Resources =

= Roadmap = The OWASP Focus overall goal is to...


 * 1) Create a core structure of how interface components will be built. (done)
 * 2) Create an accessibility API for allowing other technologies interactive capabilities. (done)
 * 3) Create a way to organize these APIs for various categories such as look-and-feel, events and so on. (done)
 * 4) Create documentation on how to use the APIs
 * 5) Create the basic frame to simulate a .java or .cs where you can use a sudo class structure for coding
 * 6) Create a basic layered pane structure for the content pane, menu bar, and glass pane.

= Current Tasks =
 * Call for volunteers - Join the mailing list and get started!

= Ideas = Please submit your high level ideas or what you would like to see added to this project for future releases.

=Installation and configuration notes= This should work in any web server so it should be easy to get up and running.


 * After you have downloaded the latest code you should be able to explode the jar file and place it in your web container.
 * You can either use the index.html or copy and paste the contents from the provided index.html. (Note if you are not going to use DWR you can remove the following:


 * It is important to note that you the index.html is only used as a place holder for the web site. It only has limited use for things such as DWR.
 * All other third party applications we will put in the Includes.js file under generic.3rdParty.