This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

RFO Web Design

Revision as of 09:28, 24 August 2011 by Raesene (talk | contribs)

Jump to: navigation, search
Request for OPEN Quotations (RFO-Q)
For Website Redesign

The Open Web Application Security Project (OWASP) is seeking competitive quotations for a web design project hereafter described. Contractors qualified to fulfill these requirements are invited to submit quotations subject to OWASP approval and email [email protected].


The OWASP Brochureware project is an initiative to produce a set of "marketing" pages to allow for key OWASP material to be laid out in a user-friendly and enable our customers to get this information easily. Whilst the wiki has proven to be a great resource for collaborative development, the complex structure of the site can leave new users confused about where to go to get the information they are interested in. The goal of the project is to have a series of templates which can be used by areas of OWASP, to create their own marketing pages which can be added in to this site.

Desired Deliverables

In terms of the desired look and feel, the intention is to create a modern clean look for the pages, whilst including the relevant information for users of the site to find key resources quickly

Wireframes for the front page and a sample secondary page have been created, along with a potential page structure. These are intended to provide rough ideas of how the site layout could work, not necessarily as absolute constraints.

In terms of the design, the final goal is to have HTML markup templates along with the relevant CSS and Javascript files. Additionally some image files are needed for specific areas of the site.

Initially the idea would be to get imaged based mockups back for approval and then once these are agreed, the full templates would be created.

The intention is that specific areas of the template will be marked out with sample text which will then allow OWASP to fill in with the relevant content.

2 different page templates are currently envisioned as being required

  • Home page template.
  • Standard Sub-Page.

In terms of the image files mentioned there are three “communities” of users who will be using the site, which have been called “builders”, “breakers” and “defenders”. For each of these communities we would like to have an image or icon which would be used in links relating to that community (for example on the home page the intention is that each of these communities would have a section in the middle of the page with their image and some descriptive text).

We’re open to ideas for these images, but they should form a consistent theme in terms of content and colors used. In terms of shape/size they should also fit in with the existing OWASP logo.

One idea would be to theme them along the lines of

  • Builder Color - Grey Image - Castle-based (eg, castle, portcullis etc)
  • Breaker - Color - Red Image - Sword or weapon based
  • Defender Color - Blue Image - Shield based

As mentioned, we’re open to exploring other themes for these images.

Additional Information

Original Proposal Document

Proposed Site Structure

Wireframe Design for Homepage

owasp-website Mailing List

Questions from Potential Contractors

  1. Q. Does OWASP have a budget set - if so, what is it?
    1. A. An indicative budget of $5000-$10000 has now been approved by the OWASP board (meeting minutes here )
  2. Q. What is the closing date for quotations?
    1. A. Goal is to be able to close quotations at the end of September (30th)
  3. Q. What will be the criteria for judging quotations, and who will be doing this?
    1. A. Ideally we'll assemble a *small* panel of OWASP leaders who are interested/experienced in this area to judge submissions. In terms of criteria, current thoughts are that it would be a combination of portfolio/track record (ie that the company has delivered good designs in the past), cost (that the company can deliver what's required within budget), how well the designs fit with the specification that's been provided by OWASP (existing and future design docs), and how well the proposal demonstrates an uderstanding of these requirements.
  4. Q. What are the expected timescales for the project once the successful contractor is appointed?
    1. A. Based on a number of iterations, current goal would be to complete the work within 8 weeks of successfully appointing a contractor
  5. Q.What criteria are being used to "approve" to mocks
    1. A. This would be along the lines of a) hopefully the same OWASP leaders who were involved in choosing the designer and b) agreeing that they meet the design as specified in the winning proposal.
  6. Q. How will the approval process work (dealing with comments from the whole of OWASP would add considerably to the project's overhead)
    1. A. Same approvals committee agree acceptance of deliverables.
  7. Q. Do the final templates have to work with any particular CMS?
    1. A. No. Pure HTML/JS/CSS is what we're looking for, to ease integration with existing OWASP infrastructure.