https://wiki.owasp.org/index.php?action=history&feed=atom&title=OWASP_Application_Security_Assessment_Standards_Project%2FRoadmapOWASP Application Security Assessment Standards Project/Roadmap - Revision history2026-04-23T23:01:10ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Application_Security_Assessment_Standards_Project/Roadmap&diff=107268&oldid=prevPaulo Coimbra: Created page with "*Define the Application Security Assessment procedure into a Vulnerability Management procedure. Every step of the Application Security Assessment process should make some output..."2011-03-21T18:44:16Z<p>Created page with "*Define the Application Security Assessment procedure into a Vulnerability Management procedure. Every step of the Application Security Assessment process should make some output..."</p>
<p><b>New page</b></p><div>*Define the Application Security Assessment procedure into a Vulnerability Management procedure. Every step of the Application Security Assessment process should make some outputs related to Vulnerabilities/Risk related to the application.<br />
*Define how to prioritize WebApp Vulnerabilities working with CWE mapping and scoring systems as CWSS (referring to OWASP TOP 10)<br />
*Define a process of App Security Assessment that is Threat/Vulnerability Centric and that contains at least the following milestones:<br />
**Use OWASP ASVS in order to define the AS-IS of the application validation process using the following techniques:<br />
***Maturity Model (referring to OWASP SAMM Project)<br />
***Attack Surface of the Application (referring to OWASP Code Review Project)<br />
***Threat Modeling of the Application (referring to OWASP Code Review Project)<br />
***WAPT/Code Review/VA (referring to OWASP Testing/Code Review Projects)<br />
**Use OWASP ASVS in order to define the TO-BE of the application validation process.<br />
**For each level definable as TO-BE of the application validation process define how to implement<br />
***Processes:<br />
****SSDLC (Referring to OWASP Development Guide)<br />
****Code Review (referring to OWASP Code Review Project and OWASP SAMM)<br />
****WAPT (referring to OWASP Testing Guide and OWASP SAMM)<br />
***Technical Projects:<br />
****OWASP ESAPI<br />
****OWASP AppSensor<br />
**Practical Examples<br />
***Demo on how to implement ESAPI/AppSensor in a production project<br />
***Tips on how to implement an Application Security Assessment Process into a production environment<br />
<br><br />
>>>>[http://www.owasp.org/images/4/42/AppSecurityAssessProcess.pdf A diagram which describes at high level the idea of the Application Security Process from initial assessment to final mitigation and review].</div>Paulo Coimbra