Difference between revisions of "Getting Started"
Line 3: | Line 3: | ||
==Application Security Overview== | ==Application Security Overview== | ||
− | Drivers, market, business reasons | + | Drivers, market, business reasons. Links to articles about metrics, ROI, need for application security, what other companies are doing. |
==About Vulnerabilities== | ==About Vulnerabilities== | ||
− | Design flaws and Implementation Bugs | + | A writeup about application vulnerabilities and how to figure out their risk. This section would give people the background on the technologies and types of mistakes people make. Links to articles about: |
− | Common areas (Top 10) | + | Design flaws and Implementation Bugs |
+ | Common areas (Top 10) | ||
− | == Root Causes of Vulnerabilities == | + | ==Root Causes of Vulnerabilities== |
− | + | A writeup of how vulnerabilities get created and left undiscovered. This section points out weaknesses in most software development lifecycles. At a project level, this section talks about problems in staffing, roles, responsibilities, budget, and technology. At the organizational level, this section links to information about management structure, how to raise global organizataion awareness, establishing metrics, and standardizing technologies to help. | |
+ | |||
+ | ==Dealing with Root Causes== | ||
+ | |||
+ | A writeup of how application security fits into the software development lifecycle. The discussion would link to templates, tools, additional reading. (This is not intended to be a complete list (yet)) | ||
Security Requirements | Security Requirements | ||
Threat Modeling | Threat Modeling | ||
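Review bot: "organizataion" in the new Root Causes of Vulnerabilities paragraph is a typo for "organization". The closing remark in the Dealing with Root Causes paragraph, "(This is not intended to be a complete list (yet))", nests one parenthetical inside another; "(This is not intended to be a complete list yet.)" reads more cleanly.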
Line 23: | Line 28: | ||
Organization Level | Organization Level | ||
+ | The discussion would link to templates, tools, additional reading. (This is not intended to be a complete list (yet)) | ||
Metrics | Metrics | ||
Policies | Policies | ||
Templates | Templates | ||
Standard Tools | Standard Tools | ||
+ | Legal | ||
Community of Interest | Community of Interest | ||
Executive Responsibility and Roles | Executive Responsibility and Roles | ||
Budget | Budget |
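Review bot: the sentence added under Organization Level, "The discussion would link to templates, tools, additional reading. (This is not intended to be a complete list (yet))", repeats the one already introduced under Dealing with Root Causes word for word; either state it once for both lists or tailor it to the organization-level items so the two sections do not read as a copy-paste.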
Revision as of 10:57, 29 March 2006
Getting Started in Application Security
Application Security Overview
Drivers, market, business reasons. Links to articles about metrics, ROI, need for application security, what other companies are doing.
About Vulnerabilities
A writeup about application vulnerabilities and how to figure out their risk. This section would give people the background on the technologies and types of mistakes people make. Links to articles about:
Design flaws and Implementation Bugs
Common areas (Top 10)
Root Causes of Vulnerabilities
A writeup of how vulnerabilities get created and left undiscovered. This section points out weaknesses in most software development lifecycles. At a project level, this section talks about problems in staffing, roles, responsibilities, budget, and technology. At the organizational level, this section links to information about management structure, how to raise global organization awareness, establishing metrics, and standardizing technologies to help.
Dealing with Root Causes
A writeup of how application security fits into the software development lifecycle. The discussion would link to templates, tools, and additional reading. (This is not intended to be a complete list yet.)
Security Requirements
Threat Modeling
Architecture Review
Code Review
Penetration Testing
Vulnerability Scanning
Project Responsibility and Roles
Budget
Organization Level
The discussion would link to templates, tools, and additional reading. (This is not intended to be a complete list yet.)
Metrics
Policies
Templates
Standard Tools
Legal
Community of Interest
Executive Responsibility and Roles
Budget