This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP SecurityRAT Project"
(→Contributors) |
|||
Line 64: | Line 64: | ||
* [22 Sep 2016] [[Netherlands September 22nd, 2016|Netherlands Chapter Meeting]] | * [22 Sep 2016] [[Netherlands September 22nd, 2016|Netherlands Chapter Meeting]] | ||
* [30 Jun 2016] [https://2016.appsec.eu/?page_id=914 OWASP AppSec EU] | * [30 Jun 2016] [https://2016.appsec.eu/?page_id=914 OWASP AppSec EU] | ||
− | + | * [13 Jun 2016] OWASP Stammtisch Karlsruhe | |
− | |||
=FAQs= | =FAQs= |
Revision as of 18:19, 11 June 2017
OWASP SecurityRATTool mission: Simplify security requirement management during the SSDLC. DescriptionThe core functionality of SecurityRAT ("Requirement Automation Tool") can be described in the following steps:
Focus of SecurityRAT is currently put on automation of procedures rather then quality of requirements. There is a set of requirements provided which you can start with, nevertheless it is recommended to create your own set of requirements which fits your company risk profile. LicensingThis program is licensed under the Apache 2.0 license. |
Project ResourcesProject Leaders
Related ProjectsClassifications |
ReleasesPlease see our GitHub Releases page for the information about the most current release! SecurityRAT on Tour
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. The point of a document like this are the answers. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.' How can I participate in your project?All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. If I am not a programmer can I participate in your project?Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details. ContributorsThe following volunteers take care of pushing development of SecurityRAT forwards:
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership. Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active. Current version: 1.0.2 Work in progress (targeted to speed up first steps with the tool): - Docker image - own user management - extensive development and operational documentation Next steps: - Integration with different Issue Trackers (currently only JIRA is supported) and other systems (e.g. wikis, testing tools) - works on provided default requirement sheet (code patterns, best practises, further parametrization of requirements) - other features with the goal of further speeding up handling of requirements throughout SDLC RoadmapAs of November, 2013, the highest priorities for the next 6 months are:
Subsequent Releases will add
Getting InvolvedInvolvement in the development and promotion of Tool Project Template is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows: CodingWe could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests LocalizationAre you fluent in another language? Can you help translate the text strings in the Tool Project Template into that language? TestingDo you have a flair for finding bugs in software? We want to product a high quality product, so any help with Quality Assurance would be greatly appreciated. Let us know if you can offer your help. FeedbackPlease use the Tool Project Template project mailing list for feedback about:
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern. Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. The Tool Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project. It would also be ideal if the sample text was translated into different languages. Addtional Instructions for making changes: The About 'tab' on that page is done with a MediaWiki template. If you log into the wiki page for your project and click the "Edit" button/link/tab in the top-right between 'Read' and 'View History', you'll see the edit page for the main body of your project page. If you scroll down below the form to edit that page (below the "Save page", "Show preview", "Show changes" buttons, you'll see some text with a triangle in front of it reading "Templates used on this page:" A list will expand if you click on the triangle/text to show the templates that make up this page. The one you want is the "Projects/OWASP Example Project About Page" - click the (edit) next to this to edit that template. The direct link is: https://www.owasp.org/index.php?title=Projects/OWASP_Example_Project_About_Page&action=edit The template takes 'input' that are key/value pairs where you'll need to edit the stuff after the equals (=) like: project_name =Place your project name here. You'd edit the bold bit. This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager. Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project
|