This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
SpoC 007 - OWASP Web Security Certification Framework - Progress Page
The OWASP Web Security Evaluation and Certification project is well underway. In fact at this point in writing I intend to fully complete the first draft by COB Friday September the 10th.
So far we have met the following milestones;
Defined the criteria for a good standard and set out key proposals for consideration Defined the structure for a scaleable scheme and built the generic framework Defined the generic controls for the technology section Defined the generic controls for the process section
Left to do
Define controls for the people section Refine all controls
Configure all controls to create a reference implementation
There are several services companies already planning to offer services around this project and several banks planning to adopt it for their 3rd party security assessment criteria. This is very encouraging!