OWASP Framework Security Project

=Main=

Project Goal
The OWASP Framework Security Project focuses on understanding missing security controls within popular frameworks, and coordinating with developers and the framework leaders to effectively integrate the missing security controls. This project requires the collaboration between security experts, security minded developers, and framework developers and leaders. The primary deliverable of this project is source code that is accepted into frameworks. The OWASP Framework Security Project will maintain documentation to indicate with security controls have been accepted, and links to code and documentation at each framework. For more information, please contact the Project leader, Michael Coates.

How To Help
Important - Please join the mailing list!


 * Framework Developers - We need your help to build the security controls that will get accepted upstream into the framework. You have the best knowledge on development practices, code style, and knowledge of the framework to get new code accepted.


 * Security Professionals - We need you to help research and catalog available security controls in various frameworks. Our goal is to produce and clear matrix of available and missing security controls by framework.


 * Framework Leaders - Do you lead a key portion of a framework? Let's work together to understand the best way to get new security controls added.


 * A little of both? Please help in either area!

Roadmap

 * 1) Research - Capture popular frameworks and status of security controls. See Frameworks & Security Controls Tab. Please add in security controls and frameworks!
 * 2) Outreach & Development - We need to work with framework owners and experienced developers to get specific security controls added to the framework

= Standards =

TODO: What these standards are all about

Mature Standards
TODO

Standards in Development

 * Secure LDAP API Standard

= Evaluations =

TODO: For each of our mature standards, a break-down of how platforms/frameworks measure up

= Contributing =

TODO: various HOWTOs on helping out with standards, evaluations, and outreach

= Frameworks & Security Controls =

TODO: integrate this into more specific standards and then remove the tab

=Project About=