Category:OWASP Application Security Requirements Project

The intention of the OWASP Application Security Requirements project is to assemble a comprehensive list of generic (document) application security requirements that could be used in most projects.

The output of the guide is intended to help all involved in application security, whether its project management, risk assessment, development, testing, etc.

The reason for this project is that while security requirements are sometimes captured well and defined clearly, I feel there are other times when they may not, for any number of reasons.

OWASP believe that clearly articulating an application security requirements guide detailing both high-level and specific requirements is the best way to ensure that a strong, robust yet workable guide can become default in all aspects of application security.

Joining the Project
If you are interested in volunteering for the project, or have a comment, question, or suggestion, please join the Application Security Requirements mailing list.