OWASP Season of Code 2009 - Applications

This page contains project Applications to the OWASP Season of Code 2009.

= A few notes =
 * If you want to apply for an OWASP SoC 09 sponsorship you HAVE TO USE THIS PAGE for your application.
 * See How To Participate for what to do once you have completed your Application.
 * Please remember that projects will be selected and funded based on how well they meet the Selection Criteria.
 * Please see OWASP SoC 08, OWASP SpoC 07 and OWASP AoC 06 for examples of Applications.
 * You can propose your project in any form you wish, but the best proposals will be well thought out, clear and concise, and reflective of your passion for the topic. We strongly suggest that you include this information in your proposal.

= Applications - {Fill in below} =

Application 2
(Please see specifications)

{| border="0" align="center" style="width: 95%;"
|-
| Applicant's Identification/Project Release Leader
| Marc Chisinevski
|-
| Application Designation/Name
| Asset management (asset identification, valuation and risk assessment based on ISO 27005)
|-
| First (proposed) Reviewer
| Paulo Coimbra
|-
| Application Security Issue Addressed
|
Prelude

Please find the sources and documentation at http://sourceforge.net/projects/assetmng.

The application is already production-ready. However, the functionalities below need further analysis:

- Asset management (asset identification, valuation and risk assessment based on ISO 27005); integration with open-source Security Information Management systems is currently being discussed.

- Party management (clients, providers).

- Contract and license management: integration with open-source tools such as OCS Inventory needs to be investigated, as assetmng offers complementary functionalities.

Problems to be addressed

- Integration of different asset valuation and risk assessment models;

- Integration with open-source Security Information Management systems.

Functionalities

1/ already implemented: managers/business analysts use the interface in order to:

- define assets and business processes and their intrinsic values;

- classify these assets according to ISO 27005 guidelines.

2/ to be developed: the application calculates asset values taking into account:

- the intrinsic value of the asset defined in step 1;

- the values of other assets depending on this asset;

- the values of business processes using the asset.

The concept of an “asset” derived from ISO 27005

An asset can be:

- a business process or activity;

- information;

- a supporting asset such as a server or a network device.

3/ already implemented: the Legal or HR departments can use the application in order to manage parties and contracts.

4/ already implemented: IT or helpdesk can use the application in order to manage licenses as well as their relationships to contracts and servers.
|-
| Prioritized area (Please choose from here)
| Enterprise usability of OWASP projects
|-
| Project Release Roadmap
|
Milestones:

July 16th, 2009 - Sources and documentation published at http://sourceforge.net/projects/assetmng

August 1st, 2009 - Identify improvements, new functionalities and integration options

Aug 10th, 2009 - Development

Aug 18th, 2009 - Test and debugging

Aug 28, 2009 - Peer Review & Revisions

Aug 31, 2009 - Delivery of Prototype (Project Completion)
|-
| Other Questions
|
|}