close
Skip to content

OWASP/www-project-secure-headers

OSHP Logo

OWASP Production Ask DeepWiki

Introduction

📦 This repository contains all the content of the OWASP Secure Headers Project (also named OSHP).

OSHP ecosystem

🗺️ The OSHP project is composed of the following projects:

  • Main site: It is the core of the OSHP and provide the information about HTTP security headers.
    • Called mainsite.
    • Content is here.
  • Validator: Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.
    • Called validator.
    • Content is here.
  • Statistics: Statistics about HTTP response security headers usage mentioned by the OSHP.
    • Called statistics.
    • Content is here.

Repository structure

  • The base of the repository contains the main site.
  • The other projects are stored in the folder subprojects: Each sub projects have it own folder.
  • The project official logo is stored into the folder logo as well as into the OWASP Swag GitHub repository.
  • The folder ci (CI for Continuous Integration) contains materials to generate or update content using GitHub actions workflows.

GitHub actions

📝 The naming convention used is [project_call_name]_[action]_[target].yml where:

  • [project_call_name] is the project call name defined above.
  • [action] can be (validate|monitor|generate).

🔋 Health status:

Status File
mainsite_generate_headers-json-files.yml 📄
mainsite_generate_stats-related-files.yml 📄
mainsite_generate_technical-references-dashboard.yml 📄
mainsite_monitor_oshp-site-references.yml 📄
mainsite_monitor_oshp-gha-workflows.yml 📄
mainsite_validate_external-links.yml 📄
mainsite_validate_owasp-nest-metadata.yaml 📄
statistics_generate_datasource.yml 📄
validator_validate_tests-suite.yml 📄

Issue and discussions

💬 Both are handled using the following GitHub features:

Content editor

👩‍💻 Content editing is done with Visual Studio Code.

📦 A workspace file is provided with recommended extensions.

Social media communication

📩 This template is used to announce news on social media about OSHP update:

📡 OWASP Secure Headers Project: [MESSAGE].

#appsec #appsecurity #owasp_shp

[PRINT_SCREEN_IN_PNG_FORMAT_WHEN_APPLICABLE]

📖 [LINK_TO_OSHP_SECTION]

💡 Source used:

[LINK_TO_SOURCE_USED]

Project leaders

🧑‍💻 Ricardo Iramar

🧑‍💻 Dominique Righetto

Contributors

💌 Contributors to OSHP, before the migration of the project to GitHub:

💌 Visit this page for updated information about the contributors since the migration of the project to GitHub.

Licensing

📑 This project content is free to use. It is licensed under the Apache 2.0 License.