|
|
| (4 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| − | <center>'''''Organizations listed are not accredited by OWASP. Neither their products nor services have been endorsed by OWASP.'''''</center>
| + | *[[OWASP Related Commercial Services|New Project Page]], |
| − | <center>'''''Please note that the registry is currently under development and listing requirements are subject to change.'''''</center>
| + | *[[Commercial Services - First Attempt|Commercial Services - First Attempt - Not currently in use]]. |
| − | <br>
| |
| − | ==== Home ====
| |
| − | | |
| − | {| width="100%"
| |
| − | |-
| |
| − | ! width="66%" | <br>
| |
| − | ! width="33%" | <br>
| |
| − | |- valign="top"
| |
| − | |
| |
| − | OWASP's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks, and as a value-add towards this end we have attempted to centralize OWASP project deliverable-based services for you in a single OWASP Commercial Services Registry. OWASP is not affiliated with any technology company, and '''''OWASP does not endorse commercial products or services''''', although we support the informed use of commercial security technology, and that is the ultimate goal of this registry.
| |
| − | | |
| − | Encouraging the formation of commercial services (verification, implementation services, process improvement, and training) benefits both industry and OWASP by promoting the development and consumption by industry and government of tools and techniques that are based on OWASP open standards, best practices and design patterns. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not-for-profit entity that ensures the project’s long-term success, providing sound foundations to build commercial services upon.
| |
| − | | |
| − | Firms listed in this registry follow strict rules to ensure the preservation of OWASP’s non-commercial nature. Firms listed in this registry share our belief that application security needs to be approached as a people, process, and technology problem, because the most effective approaches to application security include improvements in all of these areas.
| |
| − | | |
| − | |
| |
| − | [[Image:Asvs-ad-where-at.png|link=http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project]]
| |
| − | | |
| − | |}
| |
| − | | |
| − | {| width="100%"
| |
| − | |-
| |
| − | ! width="33%" |
| |
| − | ! width="33%" |
| |
| − | ! width="33%" |
| |
| − | |- valign="top"
| |
| − | |
| |
| − | == Join OWASP ==
| |
| − | | |
| − | [[Image:Asvs-writing.JPG|link=]]'''How to join OWASP'''
| |
| − | | |
| − | The professional association of OWASP Foundation is a not-for-profit 501c3 charitable organization not associated with any commercial product or service.
| |
| − | | |
| − | *[http://www.owasp.org/index.php/Membership Membership information]. | |
| − | | |
| − | |
| |
| − | == Get Listed ==
| |
| − | | |
| − | [[Image:Asvs-bulb.jpg|link=]]'''How to get your company listed''' | |
| − | | |
| − | '''Question: What do you need from us?'''
| |
| − | | |
| − | '''Answer:''' For each type of service (Verification, Implementation Services, Process Improvement, and Training), one has to first choose what services of a given type one is offering. For example, for Verification, one can choose from any combination of ASVS levels 1A, 1B, 1, 2A, 2B, 2, 3, 4. Next, one has to provide the information requested in the paragraph above the table, let's keep using Verification as an example, starting from the second half of the paragraph: "Provider listings are required to include the following information..." -- this sentence provides a list of the information needed. The "Acme Application Security Co." is a fictional company listing that provides an example of a listing that provides the needed information.
| |
| − | | |
| − | '''Question:''' How many categories can we be listed under (we fall under a couple)
| |
| − | | |
| − | '''Answer:''' You can be listed once for each type of service (Verification, Implementation Services, Process Improvement, and Training). So, one company could have up to four listings, one on each tab. Then, in each listing, one can include one or more specific services of that type. The "Acme Application Security Co." is a fictional company on the Verification tab for example provides both ASVS Level 1A and 1B verification services.
| |
| − | | |
| − | Please let Kate know if you have any further questions, or need any additional information.
| |
| − | | |
| − | To be listed in the OWASP Commercial Services Registry, contact [http://www.owasp.org/index.php/Contact Kate Hartmann].
| |
| − | | |
| − | | | |
| − | | |
| − | == Related resources ==
| |
| − | | |
| − | [[Image:Asvs-satellite.jpg|link=]]'''OWASP Resources'''
| |
| − | | |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project OWASP Top Ten]
| |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP ASVS]
| |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API OWASP ESAPI]
| |
| − | *[http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model OWASP SAMM] | |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Development Guide]
| |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide]
| |
| − | *[http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide]
| |
| − | | |
| − | |}
| |
| − | | |
| − | <br>
| |
| − | | |
| − | ==== Verification ====
| |
| − | | |
| − | <br>Commercial OWASP ASVS verification providers are listed below. Organizations listed either use ASVS or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ASVS verification levels offered; and contact name and email.
| |
| − | | |
| − | {| width="100%" cellspacing="1" cellpadding="1" border="0" style=""
| |
| − | |-
| |
| − | ! width="5%" | <br>
| |
| − | ! width="90%" | <br>
| |
| − | |-
| |
| − | ! bgcolor="#cccccc" scope="col" | OWASP Member<br>
| |
| − | ! bgcolor="#cccccc" scope="col" | Organization<br>
| |
| − | |-
| |
| − | | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | ... another OWASP member organization...
| |
| − | |-
| |
| − | | bgcolor="#99cccc" | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | bgcolor="#99cccc" |
| |
| − | '''[http://www.thisisafakeurlforafakecompany.com Acme Application Security Co.] ([http://code.google.com/p/owasp-asvs/wiki/Levels_1A 1A] ,[http://code.google.com/p/owasp-asvs/wiki/Levels_1B 1B])''' [[File:Us.png|link=]]
| |
| − | | |
| − | Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. [[File:Eps_closedHS.png|link=]] [mailto:[email protected] Contact us] for more information. | |
| − |
| |
| − | [[File:CommentHS.png|link=]] ''Last modified: April 14, 2010 - 8:36''
| |
| − | | |
| − | |-
| |
| − | | align="center" |
| |
| − | This organization is not an OWASP member
| |
| − | | |
| − | |
| |
| − | ... not an OWASP member organization...<br>
| |
| − | | |
| − | |-
| |
| − | | bgcolor="#99cccc" align="center" |
| |
| − | This organization is not an OWASP member<br>
| |
| − | | |
| − | | bgcolor="#99cccc" |
| |
| − | [http://www.google.com]... not an OWASP member organization...<br>
| |
| − | | |
| − | |}
| |
| − | | |
| − | <br> <br>
| |
| − | | |
| − | ==== Implementation Services ====
| |
| − | | |
| − | <br>Commercial OWASP ESAPI implementation service providers are listed below. Organizations listed either use ESAPI or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, ESAPI implementation service platforms offered, and contact name and email.
| |
| − | | |
| − | {| width="100%" cellspacing="1" cellpadding="1" border="0" style=""
| |
| − | |-
| |
| − | ! width="5%" | <br>
| |
| − | ! width="90%" | <br>
| |
| − | |-
| |
| − | ! bgcolor="#cccccc" scope="col" | OWASP Member<br>
| |
| − | ! bgcolor="#cccccc" scope="col" | Organization<br>
| |
| − | |-
| |
| − | | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | ... another OWASP member organization...
| |
| − | |-
| |
| − | | bgcolor="#99cccc" | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | bgcolor="#99cccc" |
| |
| − | '''[http://www.thisisafakeurlforafakecompany.com Acme Application Security Co.] ([http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=.NET ESAPI for .NET], [http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=Java_EE ESAPI for Java])''' [[File:Us.png|link=]]
| |
| − | | |
| − | Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. [[File:Eps_closedHS.png|link=]] [mailto:[email protected] Contact us] for more information. | |
| − |
| |
| − | [[File:CommentHS.png|link=]] ''Last modified: April 14, 2010 - 8:36''
| |
| − | | |
| − | |-
| |
| − | | align="center" |
| |
| − | This organization is not an OWASP member
| |
| − | | |
| − | |
| |
| − | ... not an OWASP member organization...<br>
| |
| − | | |
| − | |-
| |
| − | | bgcolor="#99cccc" align="center" |
| |
| − | This organization is not an OWASP member<br>
| |
| − | | |
| − | | bgcolor="#99cccc" |
| |
| − | [http://www.google.com]... not an OWASP member organization...<br>
| |
| − | | |
| − | |}
| |
| − | | |
| − | <br> <br>
| |
| − | | |
| − | ==== Process Improvement ====
| |
| − | | |
| − | <br>Commercial OWASP SAMM process improvement providers are listed below. Organizations listed either use SAMM or will help you use it. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, SAMM business function process improvement services offered, and contact name and email.
| |
| − | | |
| − | {| width="100%" cellspacing="1" cellpadding="1" border="0" style=""
| |
| − | |-
| |
| − | ! width="5%" | <br>
| |
| − | ! width="90%" | <br>
| |
| − | |-
| |
| − | ! bgcolor="#cccccc" scope="col" | OWASP Member<br>
| |
| − | ! bgcolor="#cccccc" scope="col" | Organization<br>
| |
| − | |-
| |
| − | | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | ... another OWASP member organization...
| |
| − | |-
| |
| − | | bgcolor="#99cccc" | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | bgcolor="#99cccc" |
| |
| − | '''[http://www.thisisafakeurlforafakecompany.com Acme Application Security Co.] ([http://www.owasp.org/index.php/SAMM_-_Construction Construction], [http://www.owasp.org/index.php/SAMM_-_Verification Verification])''' [[File:Us.png|link=]]
| |
| − | | |
| − | Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. [[File:Eps_closedHS.png|link=]] [mailto:[email protected] Contact us] for more information. | |
| − |
| |
| − | [[File:CommentHS.png|link=]] ''Last modified: April 14, 2010 - 8:36''
| |
| − | | |
| − | |-
| |
| − | | align="center" |
| |
| − | This organization is not an OWASP member
| |
| − | | |
| − | |
| |
| − | ... not an OWASP member organization...<br>
| |
| − | | |
| − | |-
| |
| − | | bgcolor="#99cccc" align="center" |
| |
| − | This organization is not an OWASP member<br>
| |
| − | | |
| − | | bgcolor="#99cccc" |
| |
| − | [http://www.google.com]... not an OWASP member organization...<br>
| |
| − | | |
| − | |}
| |
| − | | |
| − | <br> <br>
| |
| − | | |
| − | ==== Training ====
| |
| − | | |
| − | <br>Commercial OWASP Guide training providers are listed below. Organizations listed either use OWASP Guides or will help you use them. Provider listings are required to include the following information: company name and link to corporate web site, company location and markets served, company area(s) of application technology expertise, OWASP Guide training offered, and contact name and email.
| |
| − | | |
| − | {| width="100%" cellspacing="1" cellpadding="1" border="0" style=""
| |
| − | |-
| |
| − | ! width="5%" | <br>
| |
| − | ! width="90%" | <br>
| |
| − | |-
| |
| − | ! bgcolor="#cccccc" scope="col" | OWASP Member<br>
| |
| − | ! bgcolor="#cccccc" scope="col" | Organization<br>
| |
| − | |-
| |
| − | | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | ... another OWASP member organization...
| |
| − | |-
| |
| − | | bgcolor="#99cccc" | [[Image:Preferences.png|center|link=]]<br>
| |
| − | | bgcolor="#99cccc" |
| |
| − | '''[http://www.thisisafakeurlforafakecompany.com Acme Application Security Co.] ([http://www.owasp.org/index.php/Category:OWASP_Guide_Project Development], [http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project Code Review])''' [[File:Us.png|link=]]
| |
| − | | |
| − | Acme Application Security Co. is headquartered in Memphis, Tennessee. Acme Application Security Co. serves both enterprises and governments. Areas of expertise include web 2.0 social media technologies. [[File:Eps_closedHS.png|link=]] [mailto:[email protected] Contact us] for more information. | |
| − |
| |
| − | [[File:CommentHS.png|link=]] ''Last modified: April 14, 2010 - 8:36''
| |
| − | | |
| − | |-
| |
| − | | align="center" |
| |
| − | This organization is not an OWASP member
| |
| − | | |
| − | |
| |
| − | ... not an OWASP member organization...<br>
| |
| − | | |
| − | |-
| |
| − | | bgcolor="#99cccc" align="center" |
| |
| − | This organization is not an OWASP member<br>
| |
| − | | |
| − | | bgcolor="#99cccc" |
| |
| − | [http://www.google.com]... not an OWASP member organization...<br>
| |
| − | | |
| − | |}
| |
| − | | |
| − | <br> <br>
| |
| − | | |
| − | | |
| − | __NOTOC__ <headertabs />
| |
