Difference between revisions of "Projects/OWASP Proactive Controls/Roadmap"
(Created page with "https://www.owasp.org/index.php/TODO:_Top_10_Defenses") |
|||
| Line 1: | Line 1: | ||
| − | + | [[Category:OWASP Project|TODO: Top 10 Defenses Project]] | |
| + | [[Category:OWASP Document]] | ||
| + | [[Category:OWASP Alpha Quality Document]] | ||
| + | |||
| + | =The OWASP TODO: Top 10 Defenses= | ||
| + | |||
| + | Welcome to the OWASP TODO: Top 10 Defenses Project! This project is the comprehensive reference for all OWASP projects and application security in general. All of the materials here are free and open source. | ||
| + | |||
| + | By now you can: | ||
| + | |||
| + | * TOC | ||
| + | * TBA | ||
| + | * Volunteer to help this project! | ||
| + | |||
| + | == Status == | ||
| + | |||
| + | : We are currently seeking volunteers who will help developing stub/empty articles listed bellow and bring it up to a production level of quality. Join us now to take part in this historic effort, just drop a line to [mailto:[email protected] Andrew van der Stock]! | ||
| + | |||
| + | == What's In It? == | ||
| + | |||
| + | TBA | ||
| + | |||
| + | '''TODO: Top 10 Defenses Backlog''' | ||
| + | |||
| + | * Volunteers | ||
| + | * Roadmap | ||
| + | |||
| + | # Security Architecture (including incorporating agile ideas) | ||
| + | # Use a (more) secure development frameworks and leverage enterprise frameworks (UAG, etc) | ||
| + | # Input validation | ||
| + | # Output Encoding | ||
| + | # Identity: Authentication and Session Management | ||
| + | # Access Control (service / controller, data, URL, function / CSRF, presentation, etc) | ||
| + | # Data Protection (Data at rest, including in cloud) | ||
| + | # Audit, Logging and Error Handling | ||
| + | # Secure Configuration | ||
| + | # Secure Communications (Data in transit) | ||
| + | |||
| + | |||
| + | == What's It For? == | ||
| + | |||
| + | TBA | ||
| + | |||
| + | == Why This Approach? == | ||
| + | |||
| + | TBA | ||
| + | |||
| + | == How Is It Maintained? == | ||
| + | |||
| + | * Agile creation - regular releases, time boxed, no heavy weight (e.g. 1.0 2.0) releases | ||
| + | |||
| + | TBA | ||
| + | |||
| + | ==Related Projects== | ||
| + | |||
| + | TBA | ||
| + | |||
| + | == Feedback and Participation: == | ||
| + | |||
| + | We hope you find the OWASP TODO: OWASP Top 10 Defenses Project useful. Please contribute to the Project by volunteering for one of the tasks, sending your comments, questions, and suggestions to vanderaj@owasp.org. To join the OWASP TODO: OWASP Top 10 Defences Project mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/TBA subscription page.] | ||
| + | |||
| + | == Articles == | ||
| + | |||
| + | TBA | ||
| + | |||
| + | == == | ||
| + | |||
| + | [[Category:TODO-Top10-Defenses|TODO: OWASP Top 10 Defenses Project]] | ||
| + | |||
| + | __NOTOC__ | ||
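Review bot: The subscription link in "Feedback and Participation" targets http://lists.owasp.org/mailman/listinfo/TBA, so the list name is still the placeholder TBA; drop the link until the list exists or substitute the real list name before this goes live. The same paragraph spells the project name both "Defenses" and "Defences", so pick one. In "Status", "listed bellow and bring it up" should read "listed below and bring them up". The empty heading "== ==" ahead of the final category link renders as a blank section and can be removed.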
Revision as of 22:17, 4 August 2013
The OWASP TODO: Top 10 Defenses
Welcome to the OWASP TODO: Top 10 Defenses Project! This project is the comprehensive reference for all OWASP projects and application security in general. All of the materials here are free and open source.
By now you can:
- TOC
- TBA
- Volunteer to help this project!
Status
- We are currently seeking volunteers to help develop the stub/empty articles listed below and bring them up to a production level of quality. Join us now to take part in this historic effort: just drop a line to Andrew van der Stock!
What's In It?
TBA
TODO: Top 10 Defenses Backlog
- Volunteers
- Roadmap
1. Security Architecture (including incorporating agile ideas)
2. Use (more) secure development frameworks and leverage enterprise frameworks (UAG, etc.)
3. Input Validation
4. Output Encoding
5. Identity: Authentication and Session Management
6. Access Control (service / controller, data, URL, function / CSRF, presentation, etc.)
7. Data Protection (data at rest, including in cloud)
8. Audit, Logging and Error Handling
9. Secure Configuration
10. Secure Communications (data in transit)
What's It For?
TBA
Why This Approach?
TBA
How Is It Maintained?
- Agile creation: regular, time-boxed releases, no heavyweight (e.g. 1.0, 2.0) releases
TBA
Related Projects
TBA
Feedback and Participation:
We hope you find the OWASP TODO: OWASP Top 10 Defenses Project useful. Please contribute to the Project by volunteering for one of the tasks or by sending your comments, questions, and suggestions to vanderaj@owasp.org. To join the OWASP TODO: OWASP Top 10 Defenses Project mailing list or view the archives, please visit the subscription page.
Articles
TBA