The Guide

Contents

• Preamble
  • Introduction
  • Foreword
• The CISO Guide
  • Part I: Reasons for Investing in Application Security
  • Part II: Criteria for Managing Application Security Risks
  • Part III: Selection of Application Security Processes
  • Part IV: Metrics For Managing Risks & Application Security Investments
• Supporting Information
  • References
  • About OWASP
• Appendices
  • Appendix I-A: Value of Data & Cost of an Incident
  • Appendix I-B: Calculation Sheets
  • Appendix I-C: Online Data Breach Cost Calculator
  • Appendix I-D: Quick Reference to OWASP Guides & Projects

Licensing

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Credits

Primary author and editor

• Marco Morana

Other authors and contributors

• Tobias Gondrom
• Eoin Keary
• Andy Lewis
• Stephanie Tan
• Colin Watson

Project details

If you wish to know more about this guide or to contribute, please visit the project page and subscribe to the mailing list.

Related projects

The contributors to the OWASP CISO Survey also provided invaluable data for this guide.

Further details

For further information about the Application Security Guide For CISOs see the project page.