What is OWASP exactly? - owasp

Open Web Application Security Project
Promotes secure software development
Oriented to the delivery of web oriented services
Focused primarily on the “back-end” rather than web-design issues
An open forum for discussion
A free resource for any development team
What is it? An operating system or software?

Neither.
It is an organization that promotes secure software development.
As part of that effort they produce guidelines and software to help with this cause - software for testing and securing software. One piece of software is a live CD - the goal of this part of the project is "to make application security tools and documentation easily available."
They are primarily concerned with secure web development.

From the OWASP landing page:
The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software
(If you are not familiar with the designation "501c3", it is a U.S. legal term that means that donations to the organization are tax deductible.)
More, from their About page:
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project's long-term success.

OWASP is neither an Operating System nor Software.
It is a non-profit foundation that would focus more on improving the security practices of an application.
Some activities of the foundation include:
Community trainings related to Security
Periodically release Vulnerability rankings so that the Application development team could take those factors into consideration for building Secure Applications - OWASP Top 10
Build open Source tools that could be used in improving the Security side of the application. For instance, OWASP Dependency Check is a Software Composition Analysis tool that could be incorporated as part of your project.
Develop and provide other documentation such as Cheat sheets, Checklists related to Security.

Related

Is there an Integration platform which is open source and free even for a lot of data, for unlimited runs and flows?

From my understanding, Informatica Cloud, Boomi, Talend, JitterBit are all integration tools which have "Connectors" to connect to servers (and I believe these Connectors in turn call APIs to access the required data). I saw many others but none of them are free although some are open source.
Are there any tools that help you visualize the integration process for free? If not, why not?
Tools like Informatica, Boomi provide drag and drop which show the entire flow.
Talend Open Studio is one such tool. Not completely visual, but almost there.
There are not many free tools as data storage technologies are constantly changing. It would be expensive for developers to keep up with constantly changing technologies without a source of income.
Developing data integration tools is resource intensive. Why would anybody (any enterprise company) spend so much of their effort and give it away for free? Also, the provider of the tools has to provide support at the enterprise level. P1 means a 4 hour response, which means building the capability of the support team on par with the developer. All of these cost money and time. The only way to recoup is to sell the finished product and provide services.

BLUEMIX support for Social media app

I'm building a social media app targeting a specific niche of users.
The app is built in HTML5 with features similar to Facebook or Instagram.
Can the entire application run on Bluemix?
What exactly are the benefits of Bluemix to an app of this nature?
Thanks.
Bluemix is a PaaS. The benefits of Bluemix are the benefits of a PaaS infrastructure and of the support:
cost savings
reduced technical maintenance
The upfront costs for purchasing servers, other hardware, and the necessary software licenses are eliminated.
Technical Benefits
Choice to choose the programming models, languages, operating systems and databases
Switching between different environments – Development, Test (System, Integration, UAT, etc.)
Hardware Scalability - Auto scaling supported through DevOps Services
Elasticity - Supported through DevOps Services
Automation – Supported at various level from runtime provisioning to development lifecycle
Improved development productivity
Business benefits
Lower Total Cost of Ownership
Faster time to market
Business Continuity
Savings on costs associated with hardware resource consumption and support infrastructure
Facebook is a social network.
And yes you can do something like this on Bluemix choosing the right services. I suggest you to take a look at Bluemix Catalog in order to understand what services you can create and use on Bluemix to do what you want: https://console.ng.bluemix.net/catalog/
In this particular case I suggest you take a look at Object Storage Service (to store files) - DashDB (or other db service) to store db information - SSO to manage the authentication.
I suggest taking a look at this article too: https://www.ibm.com/developerworks/community/blogs/96960515-2ea1-4391-8170-b0515d08e4da/entry/Moving_to_Cloud_Platform_as_a_Service_Pros_and_Cons?lang=en
This is quite a large topic, however let's see some of the services you could use on Bluemix developing your application:
the first thing I think about is the IBM Graph service: it is an easy-to-use, fully-managed NO-SQL graph database service for storing and querying data points, their connections, and properties. IBM Graph offers an Apache TinkerPop3 compatible API and plugs into your Bluemix application seamlessly. This service can be used for building recommendation engines, analyzing social networks, and fraud detection.
Insights for Twitter: this could be useful if you need to integrate with Twitter for example analyzing the trends and providing your users updated news.
You could take a look at the Watson cognitive services in the Bluemix Catalog, some of them can be useful for social networking purposes (eg. Language Translation to connect people speaking different languages, or Personality Insights to identify psychological traits which determine purchase decisions, intent and behavioral traits).
The application can run entirely on Bluemix (you can choose the Runtime you prefer for the server-side code). The benefits, in addition to the services listed above (there are actually many others that could prove useful), are the classic ones related to developing on a Cloud PaaS platform: scalability (both horizontal and vertical), availability, lower costs...

BigBlueButton and/or Mconf Open Source Web Conferencing

As a security professional I am curious to know if anybody is aware of security issues with the open source web conferencing product BigBlueButton and/or Mconf?
Thanks
Ron
I found this document: https://www.dropbox.com/s/jz7x1fglgawc8ef/BBB-MCONF-NOTES.pdf?dl=0 that describes what look to be some serious security problems. If this document is to be believed it might not be a good idea to use these applications.
According to this thread in which one of the core developers of BigBlueButton commented about security, https://groups.google.com/d/msg/bigbluebutton-dev/GzxfilVDpes/oCguFWyFEmUJ
He says:
"..there is no representation of security in BigBlueButton. None. We (the core developers) are not trying to build a secure web conferencing system." -Fred Dixon
Bob, it appears that the underlying intent & focus of BigBlueButton is not on security but rather capabilities. Perhaps there are ways to plumb in security aspects during or post-implementation efforts.

social features- chat, forums, online directories

We are building a content based portal. Along with the content, we want to provide some collaborative tools- i.e. chat, forums, online directories etc
We are hoping to leverage open-source software for this, as this isn't really a differentiator and will hopefully be faster/cheaper. I am looking at light integration between the content and these (common login, ability to easily reference content in chat/ forums etc) and am flexible on features being offered- as long as the broad functionality is achieved.
We have hosted on MS Azure- what should our considerations be towards identifying the right product?
Joomla! is one option. You want to ensure that the majority or all of the tools you are looking for are openly available on your chosen platform. It is hard to make a solid recommendation without much detail on the content, but you can check it out here:
http://www.joomla.org/about-joomla.html
It is free and open source. The site says:
Joomla is used all over the world to power Web sites of all shapes and sizes. For example:
Corporate Web sites or portals
Corporate intranets and extranets
Disclaimer: Have never used Joomla