This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Software Security Assurance Process

From OWASP
Jump to: navigation, search


OWASP Inactive Banner.jpg
OWASP Project Header.jpg

The OWASP Software Security Assurance Process (OSSAP) main intent is to embed security in the software development lifecycle (SDLC). OSSAP reduces the possibility of requirement oversights, design flaws, implementation bugs and deployment configuration mistakes during the SDLC. This project outlines mandatory and recommended processes and practices to manage risks associated with applications. What is exactly Software Assurance? Software assurance is defined as the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. Reference: mitre.org

OWASP Software Security Assurance Process

The OWASP Software Security Assurance Process (OSSAP) main intent is to embed security in the software development lifecycle (SDLC). OSSAP reduces the possibility of requirement oversights, design flaws, implementation bugs and deployment configuration mistakes during the SDLC. This project outlines mandatory and recommended processes and practices to manage risks associated with applications. What is exactly Software Assurance? Software assurance is defined as the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. Reference: mitre.org

Introduction

The OWASP Software Security Assurance Process (OSSAP) main intent is to embed security in the software development lifecycle (SDLC). OSSAP reduces the possibility of requirement oversights, design flaws, implementation bugs and deployment configuration mistakes during the SDLC. This project outlines mandatory and recommended processes and practices to manage risks associated with applications. What is exactly Software Assurance? Software assurance is defined as the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. Reference: mitre.org


Description

The OWASP Software Security Assurance Process (OSSAP) main intent is to embed security in the software development lifecycle (SDLC). OSSAP reduces the possibility of requirement oversights, design flaws, implementation bugs and deployment configuration mistakes during the SDLC. This project outlines mandatory and recommended processes and practices to manage risks associated with applications. What is exactly Software Assurance? Software assurance is defined as the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. Reference: mitre.org

  • Software Security Integration in the SDLC Process
  • Security Requirements Identification Process
  • Design Security Review Process
  • Architecture Security Review Process
  • Security Code Review Process
  • Security Testing Process
  • Deployment Security Review Process
  • Release Security Review Process

Licensing

OWASP Software Security Assurance Process is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is OSSAP?

OWASP OSSAP provides the following processess details:

  • Software Security Integration in the SDLC Process
  • Security Requirements Identification Process
  • Design Security Review Process
  • Architecture Security Review Process
  • Security Code Review Process
  • Security Testing Process
  • Deployment Security Review Process
  • Release Security Review Process


Presentation

Link to presentation



Project Leaders


Related Projects


Quick Download

  • TBD


News and Events

In Print

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
Q1
A1
Q2
A2

Volunteers

OSSAP is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Mateo Martinez
  • Martin Pellegrino

Others

As of XXX, the priorities are to generate, review and publish:

  • Software Security Integration in the SDLC Process
  • Security Requirements Identification Process
  • Design Security Review Process
  • Architecture Security Review Process
  • Security Code Review Process
  • Security Testing Process
  • Deployment Security Review Process
  • Release Security Review Process

Involvement in the development and promotion of OSSAP is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Writing Processess
  • Generating Case Study
  • Translating OSSAP to other languages


{{Template:{{{1}}} | project_name = OWASP Software Security Assurance Process | project_home_page = OWASP Software Security Assurance Process

| project_description = To outlines mandatory and recommended processes and practices to manage risks associated with applications. Software Security is equally dependent on people, processes and technology. The effectiveness of the OWASP Software Security Process is continuously measured and is improved through feedback, threat landscape changes, availability of new concepts and tools. Should be the framework to map Requirements, Dev and Testing guidelines for example.

| project_license = Creative Commons Attribution ShareAlike 3.0 license

| leader_name1 = Mateo Martínez | leader_email1 = [email protected] | leader_username1 = Mateo Martínez

| contributor_name1 = Martin Pellegrino | contributor_email1 = | contributor_username1 = Martin Pellegrino

| pamphlet_link =

| presentation_link =

| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-software-security-assurance-process

| project_road_map = http://www.owasp.org/index.php/OWASP_Software_Security_Assurance_Process/Roadmap

| links_url[1-10] = | links_name[1-10] =

| release_1 = To be launched yet | release_2 = | release_3 = | release_4 = | project_about_page = Projects/OWASP Software Security Assurance Process }}