This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Security Pins Project"

From OWASP
Jump to: navigation, search
(What is OWASP Security Principles Project?)
(Classifications)
 
(4 intermediate revisions by one other user not shown)
Line 6: Line 6:
 
==The OWASP Security Principles==
 
==The OWASP Security Principles==
  
Oftentimes motivating security champions is a challenge. Most of the time, they're not willing to dedicate the time and effort to the invisible part of security. The product owners themselves focus on pushing the developement of features therefore the nessecity of security is often neglected or almost completely overlooked.
+
Oftentimes motivating security champions is a challenge. Most of the time, they're not willing to dedicate the time and effort to the invisible part of security. The product owners themselves focus on pushing the developement of features therefore the nessecity of security is often neglected or almost completely overlooked.[[File:Broken authentification.png|thumb]]That is why there is a need to visualize the investment in security, made by a champion or an entire team. One solution would be to give out corresponding buttons for every security event the champions attend. Those events could be something along the lines of a threat modeling session with OWASP Cornucopia or any other relevant topics.
 
 
That is why there is a need to visualize the investment in security, made by a champion or an entire team. One solution would be to give out corresponding buttons for every security event the champions attend. Those events could be something along the lines of a threat modeling session with OWASP Cornucopia or any other relevant topics.
 
  
 
The buttons can be seen as a reward given to the representatives of each team, showcased in the team rooms. Preferably on a white hat or a sash. This concept could also be implemented with stickers. As an alternative to reward the attendency of a meeting, the actual implementation (e.g. using of a hardened image) might be rewarded.
 
The buttons can be seen as a reward given to the representatives of each team, showcased in the team rooms. Preferably on a white hat or a sash. This concept could also be implemented with stickers. As an alternative to reward the attendency of a meeting, the actual implementation (e.g. using of a hardened image) might be rewarded.
Line 17: Line 15:
 
* Security Champions are able to get some kind of certification
 
* Security Champions are able to get some kind of certification
 
* This project could help engange others in the topic of security
 
* This project could help engange others in the topic of security
 
==Description==
 
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
This section must include a shorter description of what the project is, why the project was started, and what security issue is being helped by the project deliverable. This description will be used to promote the project so make sure the description represents your project in the best way possible.
 
</span>
 
 
'''Although this is a sample template, the project is real! [http://owasp.github.io/Security-Principles Please contribute to this project.]'''
 
 
Over the course of my career, I have come across and collected a number of security ''aphorisms.'' These aphorisms constitute the fundamental principles of information security.
 
 
None of the ideas or truths are mine, and unfortunately, I did not collect the citations. Initially, I would like to identify the correct citations for each aphorism.
 
 
Additionally, many are re-statements of the same idea; thus, the 'collection of ideas' defines a fundamental principle. As such, I would also like to reverse engineer the principles from the aphorisms where appropriate, as well.
 
  
 
==Licensing==
 
==Licensing==
Line 41: Line 24:
  
 
== Quick Download ==
 
== Quick Download ==
 
+
https://github.com/wurstbrot/security-buttons
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->A preview can be found here: <nowiki>https://nextcloud.fhunii.com/s/WYfC43RDE8KZXQK</nowiki>
 
 
 
Please not that they are using not allowed logo combinations and non open source fonts at the moment.
 
 
 
<span style="color:#ff0000">
 
This is where you can link to your repository.
 
</span>
 
 
 
The home of the OWASP Security Principles is on [https://github.com/OWASP/Security-Principles GitHub.] You are encourged to fork, edit and push your changes back to the project through git or edit the project directly on github.
 
 
 
However, if you like you may also download the master repository from the following links:
 
* [https://github.com/OWASP/Security-Principles/zipball/master .zip file.]
 
* [https://github.com/OWASP/Security-Principles/tarball/master .tgz file.]
 
  
 
== Project Leader ==
 
== Project Leader ==
Line 62: Line 32:
  
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
<span style="color:#ff0000">
+
 
Here is where you can let the community know what project stage your project is currently in, whether the project is a builder, breaker, or defender project, and what type of project you are running.
 
</span>
 
  
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
Line 97: Line 65:
 
The first contributors to the project were:
 
The first contributors to the project were:
  
* Katharina Treptow
+
* Katharina Treptow__NOTOC__
 
 
= Road Map and Getting Involved =
 
 
 
=Project About=
 
 
 
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager.
 
Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
 
</span>
 
 
 
{{:Projects/OWASP_Example_Project_About_Page}}
 
 
 
 
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
__NOTOC__ <headertabs />
 
 
 
 
[[Category:OWASP Project]]   
 
[[Category:OWASP Project]]   
 
[[Category:OWASP_Builders]]  
 
[[Category:OWASP_Builders]]  
 
[[Category:OWASP_Defenders]]   
 
[[Category:OWASP_Defenders]]   
 
[[Category:OWASP_Document]]
 
[[Category:OWASP_Document]]

Latest revision as of 17:26, 28 December 2018

OWASP Project Header.jpg

The OWASP Security Principles

Oftentimes motivating security champions is a challenge. Most of the time, they're not willing to dedicate the time and effort to the invisible part of security. The product owners themselves focus on pushing the developement of features therefore the nessecity of security is often neglected or almost completely overlooked.
Broken authentification.png
That is why there is a need to visualize the investment in security, made by a champion or an entire team. One solution would be to give out corresponding buttons for every security event the champions attend. Those events could be something along the lines of a threat modeling session with OWASP Cornucopia or any other relevant topics.

The buttons can be seen as a reward given to the representatives of each team, showcased in the team rooms. Preferably on a white hat or a sash. This concept could also be implemented with stickers. As an alternative to reward the attendency of a meeting, the actual implementation (e.g. using of a hardened image) might be rewarded.

Benefits:

  • A teams effort in security is visible and therefore measureable
  • teams are able to compare each others achievements, especially with different skill levels (e.g. XSS Basics and XSS Advanced events)
  • Security Champions are able to get some kind of certification
  • This project could help engange others in the topic of security

Licensing

This project is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

Quick Download

https://github.com/wurstbrot/security-buttons

Project Leader

Timo Pagel

Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg

FAQs

How can I participate in your project?

Create buttons.

If I am not a programmer can I participate in your project?

Create buttons.

Acknowledgements

Contributors

The OWASP Security Principles project is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project were:

  • Katharina Treptow