This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Product Requirement Recommendations Library"
KateHartmann (talk | contribs) (Created page with "=Main= <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</...") |
|||
(6 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
=Main= | =Main= | ||
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | ||
− | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[ | + | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div> |
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
− | |||
− | |||
− | |||
− | |||
− | |||
==The OWASP Product Requirement Recommendations Library== | ==The OWASP Product Requirement Recommendations Library== | ||
− | <!-- | + | <!-- |
− | + | This is where you need to add your more robust project description. A project description should outline the purpose of the project, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, and project leaders should ensure that the description is meaningful. | |
− | + | --> | |
− | |||
− | |||
+ | The OWASP Product Requirement Recommendations Library (PRRL) is a list of best practice recommended security product requirements that can be easily used for new web application definition and User Acceptance Testing (UAT) criteria. | ||
==Description== | ==Description== | ||
− | The OWASP | + | The objectives of OWASP PRRL are to: |
+ | <ul> | ||
+ | <li>Improve end-product security design | ||
+ | <li>Enable efficient application security consideration and definition in early PDLC phases Scoping and Design. | ||
+ | <ul> | ||
+ | <li>Reduce time and resource needs for project AppSec requirements discovery and definitions | ||
+ | </ul> | ||
+ | <li>Improve application development and testing estimations for security best practice and regulatory compliance | ||
+ | <li>Establish an industry recognized best practice benchmark standard that can be used evaluate application security designs | ||
+ | <li>Make OWASP recommendations more accessible to business/non-technical stakeholders | ||
+ | </ul> | ||
==Licensing== | ==Licensing== | ||
Line 32: | Line 36: | ||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
− | == What is | + | == What is PRRL? == |
− | + | <!-- | |
− | <!-- | + | Here you should add a short description of what your project actually does. What is the primary goal of your project, and why is it important? |
− | |||
− | |||
− | |||
− | |||
The end goal is to identify, cite, and document the fundamental principles of information security. Once this is well organised, I think it would be great to publish this through the [http://scriptogr.am/dennis-groves/post/owasp-press OWASP Press]. Of course, it will always remain freely available, and any money collected will go directly into the project to absorb costs with any remaining funds going to the OWASP Foundation. | The end goal is to identify, cite, and document the fundamental principles of information security. Once this is well organised, I think it would be great to publish this through the [http://scriptogr.am/dennis-groves/post/owasp-press OWASP Press]. Of course, it will always remain freely available, and any money collected will go directly into the project to absorb costs with any remaining funds going to the OWASP Foundation. | ||
+ | This document should serve as a guide to technical architects and designers outlining the fundamental principles of security. | ||
+ | --> | ||
− | + | OWASP PRRL is working to develop: | |
+ | <ul> | ||
+ | <li>OWASP Product Requirement Recommendations Library (PRRL) | ||
+ | <li>Best Practice Application Security Work Flow Process Diagrams | ||
+ | <li>Requirements Categorizations Taxonomy: Application Functionality, Risks, Controls | ||
+ | <li>Application and Content Security Best Practices Resources Links | ||
+ | </ul> | ||
== Presentation == | == Presentation == | ||
− | * | + | * [http://www.slideshare.net/rgrupe/owasp-prrl-overview Project Overview] |
− | |||
== Project Leader == | == Project Leader == | ||
− | |||
* [mailto:[email protected] Robert Grupe] | * [mailto:[email protected] Robert Grupe] | ||
− | |||
== Related Projects == | == Related Projects == | ||
− | + | * [https://www.owasp.org/index.php/Category:OWASP_Guide_Project OWASP Developer Guide] | |
− | + | * [https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project OWASP Application Security Verification Standard] | |
− | + | * [https://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Project] | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | <!-- Unused Section | ||
+ | Openhub | ||
+ | --> | ||
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | ||
| valign="top" style="padding-left:25px;width:200px;" | | | valign="top" style="padding-left:25px;width:200px;" | | ||
− | == Quick Download == | + | ==Quick Download== |
− | + | <ul> | |
− | < | + | <li>Coming 2015Q1: 1st draft of OWASP (PRRL) |
− | < | + | </ul> |
− | + | <!-- Unused Sections | |
− | </ | + | In Print |
− | + | This is where you place links to where your project product can be downloaded or purchased, in the case of a book. | |
− | + | --> | |
− | |||
− | |||
− | |||
− | <!-- | ||
− | |||
− | |||
− | |||
− | |||
− | |||
==Classifications== | ==Classifications== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
Line 109: | Line 98: | ||
=FAQs= | =FAQs= | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==How can I participate in your project?== | ==How can I participate in your project?== | ||
Line 120: | Line 103: | ||
==If I am not a programmer can I participate in your project?== | ==If I am not a programmer can I participate in your project?== | ||
− | Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for | + | Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for contributors who are interested in researching and writing product requirements based on international security standards and legal and regulatory requirements (personal data protection, PCI, HIPAA, etc.). |
= Acknowledgements = | = Acknowledgements = | ||
Line 126: | Line 109: | ||
==Contributors== | ==Contributors== | ||
− | <!-- | + | <!-- |
<span style="color:#ff0000"> | <span style="color:#ff0000"> | ||
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. | The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. | ||
Line 132: | Line 115: | ||
Be sure to provide a link to a complete list of all the amazing people in your project's community as well. | Be sure to provide a link to a complete list of all the amazing people in your project's community as well. | ||
</span> | </span> | ||
+ | --> | ||
− | The OWASP | + | The OWASP Product Requirements Recommendations Library project is a new project to be developed by a pioneering worldwide team of volunteers. |
− | The first contributors to the project | + | The first contributors to the project have been: |
− | * [https://www.owasp.org/index.php/User: | + | <!-- * [https://www.owasp.org/index.php/User:Robert_Grupe Robert Grupe] --> |
− | * [ | + | * [http://www.rgrupe.com Robert Grupe] |
− | |||
* '''YOUR NAME BELONGS HERE''' | * '''YOUR NAME BELONGS HERE''' | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
− | 2014Q4: Start-Up Initiation | + | <ul><b>2014Q4/2015Q1: Start-Up Initiation</b> |
− | Goals | + | <li>Goals |
− | + | <ul> | |
− | + | <li>Proposed Project Approval | |
− | + | <li>Recruitment | |
− | + | <li>Categorisation Taxonomy 1st Draft | |
− | Planning | + | <li>PRRD 1st Draft |
− | + | </ul> | |
− | + | <li>Planning | |
− | Promotion | + | <ul> |
− | + | <li>Initial Project Backlog | |
− | + | <li>Plan/Roadmap/Sprints | |
− | + | </ul> | |
− | + | <li>Promotion | |
− | + | <ul> | |
− | Research | + | <li>OWASP Wiki Page |
− | + | <li>PPT on SlideShare | |
− | + | <li>OWASP Mail List | |
− | + | <li>LinkedIn | |
+ | <li>NewsBits | ||
+ | </ul> | ||
+ | <li>Research | ||
+ | <ul> | ||
+ | <li>Collaboration platform | ||
+ | <li>WebApp Security Controls Categorisation Taxonomy | ||
+ | <li>WebApp Functionality Taxonomy | ||
+ | </ul> | ||
+ | </ul> | ||
− | + | <ul><b>2015Q2: Execution Kickoff</b> | |
− | + | <li>OWASP Cheat sheets in PPRD | |
− | + | <li>1st Quarterly Release | |
− | + | <li>Partners & Sponsors | |
− | + | <li>Promotion: PR | |
+ | </ul> | ||
+ | |||
+ | <ul><b>2015-Next:</b> | ||
+ | <li>Mobile Web App Version | ||
+ | <li>Regulatory Requirements | ||
+ | <li>Etc. | ||
+ | </ul> | ||
− | |||
− | |||
− | |||
− | |||
=Project About= | =Project About= | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
{{:Projects/OWASP_Example_Project_About_Page}} | {{:Projects/OWASP_Example_Project_About_Page}} |
Latest revision as of 12:05, 19 May 2015
How can I participate in your project?
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.
If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for contributors who are interested in researching and writing product requirements based on international security standards and legal and regulatory requirements (personal data protection, PCI, HIPAA, etc.).
Contributors
The OWASP Product Requirements Recommendations Library project is a new project to be developed by a pioneering worldwide team of volunteers.
The first contributors to the project have been:
- Robert Grupe
- YOUR NAME BELONGS HERE
- 2014Q4/2015Q1: Start-Up Initiation
- Goals
- Proposed Project Approval
- Recruitment
- Categorisation Taxonomy 1st Draft
- PRRD 1st Draft
- Planning
- Initial Project Backlog
- Plan/Roadmap/Sprints
- Promotion
- OWASP Wiki Page
- PPT on SlideShare
- OWASP Mail List
- NewsBits
- Research
- Collaboration platform
- WebApp Security Controls Categorisation Taxonomy
- WebApp Functionality Taxonomy
- 2015Q2: Execution Kickoff
- OWASP Cheat sheets in PPRD
- 1st Quarterly Release
- Partners & Sponsors
- Promotion: PR
- 2015-Next:
- Mobile Web App Version
- Regulatory Requirements
- Etc.
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|