Difference between revisions of "Category:OWASP Application Security Requirements Project"

m (added verbiage about target audience being non-technical)
(Added a new section with some links to "buckets" of stuff to help get started)
Line 10: Line 10:
 
* The ''reason d'etre'' of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
 
* The ''reason d'etre'' of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
 
* Requirements, use-cases, and user stories will tend to be business-focused.  In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.
 
* Requirements, use-cases, and user stories will tend to be business-focused.  In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.
 +
 +
==Can't seem to edit the "Project Main Links" section so here are some links==
 +
[[High Level Requirements Categories]]
 +
 +
[[Tips for using the project's requirements, use-cases, and user stories]]
 +
 +
[[Other really good requirements that aren't generic enough to be part of the project but that might be what you're looking for in YOUR environment]]
 +
  
 
==Joining the Project==
 
==Joining the Project==
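
Review bot: The added heading `==Can't seem to edit the "Project Main Links" section so here are some links==` is a note from the editor rather than a section title, and it renders on the page exactly as written. A short descriptive title for the three links would read better, with the editing problem raised on the talk page instead. The third added link, `[[Other really good requirements that aren't generic enough ...]]`, uses a full sentence as a page name; a shorter page title with the explanation in the linked page's first line would be easier to reference. The unchanged context line still reads ''reason d'etre'' and could be corrected to ''raison d'être'' in the same revision.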

Revision as of 05:39, 26 February 2011


PROJECT IDENTIFICATION
Project Name: OWASP Application Security Requirements Project
Short Project Description:
  • The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
  • The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
  • The raison d'être of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
Email Contacts:
  • Project Leader: NONE
  • Project Contributors (if applicable): Name&Email
  • Mailing List/Subscribe
  • Mailing List/Use
  • First Reviewer: James McGovern
  • Second Reviewer: Name
  • OWASP Board Member (if applicable): Name&Email
PROJECT MAIN LINKS

Repository on "Google Code"

RELATED PROJECTS
OWASP Secure Software Contract Annex
SPONSORS & GUIDELINES
Sponsor name, if applicable Project Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
First Review, by reviewer:
  • Author's Self Evaluation (applicable for Alpha Quality & further): Objectives & Deliveries reached? Not yet (To update). Which status has been reached? Alpha Status - (To update).
  • First Reviewer (applicable for Alpha Quality & further): Objectives & Deliveries reached? Not yet (To update). Which status has been reached? Alpha Status - (To update).
  • Second Reviewer (applicable for Beta Quality & further): Objectives & Deliveries reached? Yes/No (To update). Which status has been reached? Alpha Status - (To update).
  • OWASP Board Member (applicable just for Release Quality): Objectives & Deliveries reached? Yes/No (To update). Which status has been reached? Alpha Status - (To update).

Overview

OWASP believe that clearly articulating project-agnostic web application security requirements—providing both high-level/general and low-level/specific sine quibus non—is the best way to ensure that software is developed with strong, robust, yet workable security guidance.

  • The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
  • The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
  • The raison d'être of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
  • Requirements, use-cases, and user stories will tend to be business-focused. In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.

Can't seem to edit the "Project Main Links" section so here are some links

High Level Requirements Categories

Tips for using the project's requirements, use-cases, and user stories

Other really good requirements that aren't generic enough to be part of the project but that might be what you're looking for in YOUR environment


Joining the Project

If you are interested in volunteering for the project, or just have a comment or question, please join the OWASP AppSec Requirements mailing list.

Project Administrivia

This project was initiated around September of 2007 under the management of Jamie Fisher. The project was rechartered in August of 2008. The interim project manager is Matthew Chalmers.
