Difference between revisions of "Category:OWASP Application Security Requirements Project"

From OWASP
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{| style="width:100%" border="0" align="center"
+
==== Main ====
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT IDENTIFICATION'''
+
<!--- [[:Category:OWASP Project|Click here to return to OWASP Projects page.]]
  |-
+
[[:Project Information:template Application Security Requirements Project|Click here to see (& edit, if wanted) the template.]]  
| style="width:15%; background:#7B8ABD" align="center"|'''Project Name'''
+
{{:Project Information:template Application Security Requirements Project}}---->
| colspan="6" style="width:85%; background:#cccccc" align="left"|<font color="black">'''OWASP Application Security Requirements Project'''
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''
+
| colspan="6" style="width:85%; background:#cccccc" align="left"|
+
* The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
+
* The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
+
* The ''reason d'etre'' of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
+
| style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:matthew.chalmers(at)owasp.org '''Matthew Chalmers''']
+
| style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
| style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-appsec-requirements '''Mailing List/Subscribe''']<br>[mailto:owasp-appsec-requirements(at)lists.owasp.org '''Mailing List/Use''']
+
| style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:name(at)name '''Name''']<br>
+
| style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:name(at)name '''Name''']
+
| style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''PROJECT MAIN LINKS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
Repository on "Google Code" [http://code.google.com/]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''RELATED PROJECTS'''
+
|-
+
| style="width:100%; background:#cccccc" align="center"|
+
*
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="6" align="center" style="background:#4058A0; color:white"|<font color="white">'''SPONSORS & GUIDELINES'''
+
|-
+
| style="width:50%; background:#cccccc" align="center"|Sponsor name, if applicable 
+
| style="width:50%; background:#cccccc" align="center"|[[:Category:OWASP Application Security Requirements Project RoadMap|'''Project Guidelines/Roadmap''']]
+
|}
+
{| style="width:100%" border="0" align="center"
+
! colspan="5" align="center" style="background:#4058A0; color:white"|ASSESSMENT AND REVIEW PROCESS
+
|-
+
| style="width:15%; background:#6C82B5" align="center"|'''Review/Reviewer'''
+
| style="width:21%; background:#b3b3b3" align="center"|'''Author's Self Evaluation'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''First Reviewer'''<br>(applicable for Alpha Quality & further)
+
| style="width:21%; background:#b3b3b3" align="center"|'''Second Reviewer'''<br>(applicable for Beta Quality & further)
+
| style="width:22%; background:#b3b3b3" align="center"|'''OWASP Board Member'''<br>(applicable just for Release Quality)
+
|-
+
| style="width:15%; background:#7B8ABD" align="center"|'''First Review'''
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Not yet''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Status''' - (To update)<br>---------<br>[[Project Information:template Application Security Requirements Project - First Review - Self Evaluation - A|See&Edit: First Review/SelfEvaluation (A)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Not yet''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Status''' - (To update)<br>---------<br>[[Project Information:template Application Security Requirements Project - First Review - First Reviewer - B|See&Edit: First Review/1st Reviewer (B)]]
+
| style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Status''' - (To update)<br>---------<br>[[Project Information:template Application Security Requirements Project - First Review - Second Reviewer - C|See&Edit: First Review/2nd Reviewer (C)]]
+
| style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Alpha Status''' - (To update)<br>---------<br>[[Project Information:template Application Security Requirements Project - First Review - OWASP Board Member - D|See/Edit: First Review/Board Member (D)]]
+
|-
+
|}
+
 
+
  
 
==Overview==
 
==Overview==
 
OWASP believe that clearly articulating project-agnostic web application security requirements&mdash;providing both high-level/general and low-level/specific ''sine quibus non''&mdash;is the best way to ensure that software is developed with strong, robust, yet workable security guidance.
 
OWASP believe that clearly articulating project-agnostic web application security requirements&mdash;providing both high-level/general and low-level/specific ''sine quibus non''&mdash;is the best way to ensure that software is developed with strong, robust, yet workable security guidance.
 
 
* The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
 
* The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
 
* The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
 
* The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
 
* The ''reason d'etre'' of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
 
* The ''reason d'etre'' of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
 +
* Requirements, use-cases, and user stories will tend to be business-focused.  In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.
 +
 +
==Can't seem to edit the "Project Main Links" section so here are some links==
 +
[[High Level Requirements Categories]]
 +
 +
[[Tips for using the project's requirements, use-cases, and user stories]]
 +
 +
[[Other really good requirements that aren't generic enough to be part of the project but that might be what you're looking for in YOUR environment]]
 +
 +
[[Useful links to real-world examples of failed web security]]
  
 
==Joining the Project==
 
==Joining the Project==
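Review bot: the added heading ==Can't seem to edit the "Project Main Links" section so here are some links== records an editing workaround rather than naming what the section contains. Suggest a heading that describes the four links beneath it, for example ==Project Links==, and moving the remark about not being able to edit the section to the talk page or the edit summary.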
Line 66: Line 24:
  
 
==Project Administrivia==
 
==Project Administrivia==
This project was initiated around September of 2007 under the management of Jamie Fisher. The project was rechartered in August of 2008. The interim project manager is [[User:Mchalmers|Matthew Chalmers]].
+
This project was initiated around September of 2007 under the management of Jamie Fisher. The project was rechartered in August of 2008. The interim project manager was [[User:Mchalmers|Matthew Chalmers]]. Current project manager is [[User:Luis Armando Martinez Bacha|Luis Martinez Bacha]].
 +
 
 +
==== Project About  ====
 +
 
 +
{{:Projects/OWASP Application Security Requirements Project | Project About}}
 +
 
 +
<br> __NOTOC__ <headertabs />
  
[[Category:OWASP Project]]
+
[[Category:OWASP_Document]] [[Category:OWASP_Alpha_Quality_Document]]
 +
[[Category:OWASP Project|Application Security Requirements Project]]

Revision as of 11:12, 21 September 2011

Main

Overview

OWASP believe that clearly articulating project-agnostic web application security requirements—providing both high-level/general and low-level/specific sine quibus non—is the best way to ensure that software is developed with strong, robust, yet workable security guidance.

  • The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
  • The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
  • The raison d'être of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
  • Requirements, use-cases, and user stories will tend to be business-focused. In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.

Can't seem to edit the "Project Main Links" section so here are some links

High Level Requirements Categories

Tips for using the project's requirements, use-cases, and user stories

Other really good requirements that aren't generic enough to be part of the project but that might be what you're looking for in YOUR environment

Useful links to real-world examples of failed web security

Joining the Project

If you are interested in volunteering for the project, or just have a comment or question, please join the OWASP AppSec Requirements mailing list.

Project Administrivia

This project was initiated around September of 2007 under the management of Jamie Fisher. The project was rechartered in August of 2008. The interim project manager was Matthew Chalmers. The current project manager is Luis Martinez Bacha.

Project About

PROJECT INFO: What does this OWASP project offer you?

What is this project?
  • Name: OWASP Application Security Requirements Project (home page)
  • Purpose: To assemble a useful base of generic security requirements that could be used in most applications.
  • License: Creative Commons Attribution ShareAlike 3.0 license

Who is working on this project?
  • Project Leader(s):

How can you learn more?
  • Project Pamphlet: Not Yet Created
  • Project Presentation:
  • Mailing list: Mailing List Archives
  • Project Roadmap: View
  • Main links:

Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.

RELEASE(S) INFO: What releases are available for this project?
  • Current release: Not Yet Published
  • Last reviewed release: Not Yet Reviewed
  • Other releases:
