OWASP Product Requirement Recommendations Library

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

==The OWASP Product Requirement Recommendations Library==
The OWASP Product Requirement Recommendations Library (PRRL) is a list of recommended best-practice security product requirements that can readily be used when defining new web applications and as User Acceptance Testing (UAT) criteria.

==Description==
The objectives of OWASP PRRL are to:

 * Improve end-product security design
 * Enable efficient application security consideration and definition in the early PDLC phases (Scoping and Design)
 * Reduce time and resource needs for project AppSec requirements discovery and definitions
 * Improve application development and testing estimations for security best practice and regulatory compliance
 * Establish an industry recognized best practice benchmark standard that can be used to evaluate application security designs
 * Make OWASP recommendations more accessible to business/non-technical stakeholders

==Licensing==
Creative Commons Attribution ShareAlike 3.0


| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

==What is PRRL?==
OWASP PRRL is working to develop:

 * OWASP Product Requirement Recommendations Library (PRRL)
 * Best Practice Application Security Work Flow Process Diagrams
 * Requirements Categorizations Taxonomy: Application Functionality, Risks, Controls
 * Application and Content Security Best Practices Resources Links

==Presentation==

 * Project Overview

==Project Leader==

 * [mailto:robert@rgrupe.com Robert Grupe]

==Related Projects==

 * OWASP Developer Guide
 * OWASP Application Security Verification Standard
 * OWASP Testing Project


| valign="top" style="padding-left:25px;width:200px;" |

==Quick Download==

 * Coming 2015Q1: 1st draft of OWASP (PRRL)

==Classifications==

|}

=FAQs=

==How can I participate in your project?==
All you have to do is make the Project Leaders aware of the time you have available to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or not technical. The project needs different skills and expertise at different times during its development. Currently, we are looking for contributors who are interested in researching and writing product requirements based on international security standards and legal and regulatory requirements (personal data protection, PCI, HIPAA, etc.).

= Acknowledgements =

==Contributors==
The OWASP Product Requirements Recommendations Library project is a new project to be developed by a pioneering worldwide team of volunteers.

The first contributors to the project have been:


 * Robert Grupe
 * YOUR NAME BELONGS HERE

= Road Map and Getting Involved =

2014Q4/2015Q1: Start-Up Initiation

 * Goals
 ** Proposed Project Approval
 ** Recruitment
 ** Categorisation Taxonomy 1st Draft
 ** PRRD 1st Draft
 * Planning
 ** Initial Project Backlog
 ** Plan/Roadmap/Sprints
 * Promotion
 ** OWASP Wiki Page
 ** PPT on SlideShare
 ** OWASP Mail List
 ** LinkedIn
 ** NewsBits
 * Research
 ** Collaboration platform
 ** WebApp Security Controls Categorisation Taxonomy
 ** WebApp Functionality Taxonomy

2015Q2: Execution Kickoff

 * OWASP Cheat sheets in PPRD
 * 1st Quarterly Release
 * Partners & Sponsors
 * Promotion: PR

2015-Next:

 * Mobile Web App Version
 * Regulatory Requirements
 * Etc.

=Project About=