This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

OWASP Security Baseline Project

Revision as of 23:51, 7 April 2016 by Rdpatino (talk | contribs) (Project Goals)



Project Description

  • Benchmark security of enterprise products/services against OWASP Top 10 (and other) Security Risks
  • Open and comprehensive security assessments of enterprise products/services
  • Guidance/support for vendor-independent security verification of enterprise products/services

Project Goals

  • Establishing an OWASP community which actively identifies products/services and devises suitable security test plans
  • "actively identify" here means: use, work with, test and research the product/service
  • Benchmarking security of tested solutions using OWASP security guidelines and tools (OWASP Web Testing Environment/OWASP Live CD, etc.) and open-source testing tools
  • Collaborating with software vendors on improving security of assessed frameworks/products/services
  • Increasing awareness of available OWASP resources (guidelines, tools, etc.)

Project Roadmap


  • devise testing methodology mapping to OWASP Top 10 Security Risks, including test plan, techniques, tools, etc.
  • establish disclosure policy


  • publish testing methodology
  • publish major case study
  • gather community support


  • assess major products/services and publish the outcome
  • collaborate with vendors to improve security of assessed solutions
  • framework in place for assessing other classes of products/services
  • coordinate and publish community-validated results

Work in Progress

  • Benchmarking Enterprise E-mail Security Solutions (including Google Message Security SaaS)
  • Benchmarking Enterprise Social Networking Platforms
  • ...

Call for Participation

Anyone with an interest in improving application security

  • Security Engineers
  • Security Analysts
  • Penetration Testers
  • Security Researchers
  • Software Developers

If you find an issue, don’t stop testing! There is a very good chance there are a few more :)

Project About

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Security Baseline Project (home page)
Purpose: This project aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. By comprehensively assessing the security of enterprise products/services, the OWASP Security Baseline initiative will (eventually) lead to vendor-independent security certified solutions.
License: Creative Commons Attribution ShareAlike 3.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases