OWASP Security Baseline Project

Project Description

 * Benchmark security of enterprise products/services against OWASP Top 10 (and other) Security Risks


 * Open and comprehensive security assessments of enterprise products/services


 * Guidance/support for vendor-independent security verification of enterprise products/services

Project Goals

 * Establishing an OWASP community which actively identifies products/services and devises suitable security test plans


 * actively identify => use/work with/test/research it


 * Benchmarking security of tested solutions using OWASP security guidelines and tools (OWASP Web Testing Environment/OWASP Live CD, etc), open-source testing tools
 * Collaborating with software vendors on improving security of assessed frameworks/products/services
 * Increasing awareness on available OWASP resources (guidelines, tools,etc)

Project Roadmap
Alpha
 * devise testing methodology mapping to OWASP Top 10 Security Risks, including test plan, techniques, tools, etc
 * establish disclosure policy

Beta
 * publish testing methodology
 * publish major case study
 * gather community support

Stable
 * assess major products/services and publish the outcome
 * collaborate with vendors to improve security of assessed solutions
 * framework in pace for assessing other classes of products/services
 * coordinate and publish community-validated results

Work in Progress

 * Benchmarking Enterprise E-mail Security Solutions (including Google Message Security SaaS)
 * Benchmarking Enterprise Social Networking Platforms

Call for Participation
Anyone with an interest in improving application security
 * Security Engineers
 * Security Analysts
 * Penetration Testers
 * Security Researchers
 * Software Developers

If you find an issue, don’t stop testing! There is a very good chance there are few more :)