- Name: Azhar Ahamed
- Major: Computer Science
- University: University of Westminster
- Institution: Informatics Institute of Technology
- GitHub: @azharanees
- E-mail: [email protected], [email protected], [email protected]
- Telegram ID: @azharanees
- Project URL: https://github.com/OWASP/RiskAssessmentFramework
The OWASP Risk Assessment Framework consists of Static Application Security Testing (SAST) and Risk Assessment tools. Even though many SAST tools are available to testers, their compatibility and environment setup process is complex. Using the OWASP Risk Assessment Framework's SAST tool, testers can analyse and review their code quality and vulnerabilities without any additional setup. The OWASP Risk Assessment Framework can be integrated into the DevSecOps toolchain to help developers write and produce secure code.
Currently the following features are supported:
- Web Deface Detection
- Risk Assessment Tools
- Static Application Security Testing
- Scanning Tools based on OWASP Top 10
Organisation: OWASP Foundation
Project URL: https://github.com/OWASP/RiskAssessmentFramework
IRC channel: https://t.me/joinchat/IjCM_BRrcPYPC3X0DZ4Rog
Mentor: Ade Yoseman Putra (@adeyosemanputra), AZZEDDINE Ramrami (@aramrami)
Proposal Title: Building an API to stage the results of Static Application Security Testing
Tag: securetea tools
Proposed summary as per proposal:
Building an API for the dashboard which will help testers to assess risk by uploading the results from their SAST tools. There are many branches to the SAST tool projects provided by OWASP, mainly:
- OWASP SonarQube Project
- OWASP Orizon Project
- OWASP LAPSE Project
- OWASP O2 Platform
- OWASP WAP - Web Application Protection
The API will provide the relevant inputs for risk rating, which will be staged in the dashboard with graphs and charts, and will also provide access to the SAST tools.
Summary of the work done during the GSoC:
- Phase I: Dashboard Implementation
- Phase II: API Implementation
  - Initiated the API development by setting up the environment for NodeJs
  - Added the required packages for the development of the API (Express, helmet, morgan, body-parser)
  - Added the file upload functionality to store project files on the server
  - Added a feature to generate the sonar-project.properties file dynamically
  - Added a feature to create a SonarQube project through the sonarqube-api
- Phase III: API-Dashboard Connection
  - Updated the Profile component and handled API requests and responses
  - Implemented capturing and reusing the projectId generated by the API
  - Dockerized the NodeJs API
  - Dockerized the Dashboard
View the list of commits here.
Commits: Angular GUI dashboard
The following are the projected milestones for the next releases:
- Creating Virtual Image for the stack
- Project analysis through repository links
- Performing bug fixes
- Integrating other SAST tools
- Bundling all the dependencies
- Improving the UI/UX of the dashboard
- Hosting as distributed micro services
Working on this project was one of the best experiences I have had. It taught me many things, technical and non-technical, and also helped my network grow. My mentors were very supportive; almost every day they were checking on me and provided me with resources that helped me successfully complete this project. GSoC helped me get started with contributing to open source. Even though this year's GSoC period is coming to an end, it is just the beginning of a new journey. I look forward to working on open source projects and with the OWASP organization.