This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Application Security Assessment Standards Project/Roadmap
- Define the Application Security Assessment procedure as part of a Vulnerability Management procedure. Every step of the Application Security Assessment process should produce outputs about the vulnerabilities and risk of the application under assessment.
- Define how to prioritize web application vulnerabilities using CWE mapping and scoring systems such as CWSS (referring to the OWASP Top 10).
- Define an Application Security Assessment process that is threat/vulnerability centric and contains at least the following milestones:
  - Use OWASP ASVS to define the AS-IS state of the application validation process, using the following techniques:
    - Maturity Model (referring to the OWASP SAMM Project)
    - Attack Surface of the Application (referring to the OWASP Code Review Project)
    - Threat Modeling of the Application (referring to the OWASP Code Review Project)
    - WAPT/Code Review/VA (referring to the OWASP Testing and Code Review Projects)
  - Use OWASP ASVS to define the TO-BE state of the application validation process.
  - For each level definable as the TO-BE state of the application validation process, define how to implement:
    - Processes:
      - SSDLC (referring to the OWASP Development Guide)
      - Code Review (referring to the OWASP Code Review Project and OWASP SAMM)
      - WAPT (referring to the OWASP Testing Guide and OWASP SAMM)
    - Technical Projects:
      - OWASP ESAPI
      - OWASP AppSensor
    - Processes:
      - Practical Examples:
        - Demo on how to implement ESAPI/AppSensor in a production project
        - Tips on how to implement an Application Security Assessment Process in a production environment