This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Top 10-2017 What's Next for Developers"
From OWASP
(Prepare OWASP Top 10-2017 Release (Content)) |
m (Editorial changes e.g. line feeds, changed a link to an internal link) |
||
| Line 14: | Line 14: | ||
{{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title=Establish & Use Repeatable Security Processes and Standard Security Controls|year=2017|language=en}} | {{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title=Establish & Use Repeatable Security Processes and Standard Security Controls|year=2017|language=en}} | ||
Whether you are new to web application security or already very familiar with these risks, the task of producing a secure web application or fixing an existing one can be difficult. If you have to manage a large application portfolio, this task can be daunting. | Whether you are new to web application security or already very familiar with these risks, the task of producing a secure web application or fixing an existing one can be difficult. If you have to manage a large application portfolio, this task can be daunting. | ||
| − | To help organizations and developers reduce their application security risks in a cost-effective manner, OWASP has produced numerous free and open resources that you can use to address application security in your organization. The following are some of the many resources OWASP has produced to help organizations produce secure web applications and APIs. On the next page, we present additional OWASP resources that can assist organizations in verifying the security of their applications and APIs. | + | <br/>To help organizations and developers reduce their application security risks in a cost-effective manner, OWASP has produced numerous <u>free and open</u> resources that you can use to address application security in your organization. The following are some of the many resources OWASP has produced to help organizations produce secure web applications and APIs. On the next page, we present additional OWASP resources that can assist organizations in verifying the security of their applications and APIs. |
<br/ style="font-size:5px"> | <br/ style="font-size:5px"> | ||
{{Top_10:GradientBox|year=2017}} | {{Top_10:GradientBox|year=2017}} | ||
<b>Application Security Requirements</b> | <b>Application Security Requirements</b> | ||
| − | : To produce a secure web application, you must define what secure means for that application. OWASP recommends you use the <u>[[ASVS|OWASP Application Security Verification Standard (ASVS)]]</u> as a guide for setting the security requirements for your application(s). If you’re outsourcing, consider the <u>[[OWASP_Secure_Software_Contract_Annex|OWASP Secure Software Contract Annex]]</u>.<br/><b>Note</b>: The annex is for US contract law, so please consult qualified legal advice before using the sample annex. | + | : To produce a <u>secure</u> web application, you must define what secure means for that application. OWASP recommends you use the <u>[[ASVS|OWASP Application Security Verification Standard (ASVS)]]</u> as a guide for setting the security requirements for your application(s). If you’re outsourcing, consider the <u>[[OWASP_Secure_Software_Contract_Annex|OWASP Secure Software Contract Annex]]</u>.<br/><b>Note</b>: The annex is for US contract law, so please consult qualified legal advice before using the sample annex. |
{{Top 10:GrayBoxEnd|year=2017}} | {{Top 10:GrayBoxEnd|year=2017}} | ||
{{Top_10:GradientBox|year=2017}} | {{Top_10:GradientBox|year=2017}} | ||
| Line 37: | Line 37: | ||
{{Top 10:GrayBoxEnd|year=2017}} | {{Top 10:GrayBoxEnd|year=2017}} | ||
| − | There are numerous additional OWASP resources available for your use. Please visit the <u>[[Projects|OWASP Projects]]</u> page, which lists all the Flagship, Labs, and Incubator projects in the OWASP project inventory. Most OWASP resources are available on our <u>[ | + | There are numerous additional OWASP resources available for your use. Please visit the <u>[[Projects|OWASP Projects]]</u> page, which lists all the Flagship, Labs, and Incubator projects in the OWASP project inventory. Most OWASP resources are available on our <u>[[Main_Page | wiki]]</u>, and many OWASP documents can be ordered in <u>[https://stores.lulu.com/owasp hardcopy or as eBooks]</u>. |
{{Top_10_2013:BottomAdvancedTemplate | {{Top_10_2013:BottomAdvancedTemplate | ||
Latest revision as of 17:23, 1 January 2018
|
Establish & Use Repeatable Security Processes and Standard Security Controls
Whether you are new to web application security or already very familiar with these risks, the task of producing a secure web application or fixing an existing one can be difficult. If you have to manage a large application portfolio, this task can be daunting.
Application Security Requirements
Application Security Architecture
Security Standard Controls
Secure Development Lifecycle
Application Security Education
There are numerous additional OWASP resources available for your use. Please visit the OWASP Projects page, which lists all the Flagship, Labs, and Incubator projects in the OWASP project inventory. Most OWASP resources are available on our wiki, and many OWASP documents can be ordered in hardcopy or as eBooks. |
