This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Getting Started

From OWASP
Revision as of 11:04, 29 March 2006 by Jeff Williams (talk | contribs)

Jump to: navigation, search

Getting Started in Application Security

Application security is simply the process of developing, maintaining, and purchasing applications that your organization can trust. Application security is inextricably tied into almost every aspect of organizations' information technology. This section is intended to provide a roadmap of the various topics in application security and where OWASP materials can help you and your organization master them.

Application Security Overview

Drivers, market, business reasons. Links to articles about metrics, ROI, need for application security, what other companies are doing.

About Vulnerabilities

A writeup about application vulnerabilities and how to figure out their risk. This section would give people the background on the technologies and types of mistakes people make. Links to articles about: 

 Design flaws and Implementation Bugs
 Common areas (Top 10)

Root Causes of Vulnerabilities

A writeup of how vulnerabilities get created and left undiscovered. This section points out weaknesses in most software development lifecycles. At a project level, this section talks about problems in staffing, roles, responsibilities, budget, and technology. At the organizational level, this section links to information about management structure, how to raise global organizataion awareness, establishing metrics, and standardizing technologies to help.

Project Improvements

A writeup of how application security fits into the software development lifecycle. The discussion would link to templates, tools, additional reading. (This is not intended to be a complete list (yet)) 

 Security Requirements
 Threat Modeling
 Architecture Review
 Code Review
 Penetration Testing
 Vulnerability Scanning
 Project Responsibility and Roles
 Budget

Organizational Improvements

The discussion would link to templates, tools, additional reading. (This is not intended to be a complete list (yet)) 

 Training and Awareness
 Application Security Teams (Infosec, Audit, Appsec, CSO)
 Metrics
 Policies
 Templates
 Standard Tools
 Legal
 Community of Interest
 Executive Responsibility and Roles
 Organizational Budget
Retrieved from "https://wiki.owasp.org/index.php?title=Getting_Started&oldid=1425"