Category:OWASP Application Security Requirements Project
OWASP believe that clearly articulating project-agnostic web application security requirements—providing both high-level/general and low-level/specific sine quibus non—is the best way to ensure that software is developed with strong, robust, yet workable security guidance.
- The intent of this project is to assemble a useful base of generic/common web application security requirements that could be used in most projects.
- The product of this project is intended to help all involved in web application security, whether it is project management, risk assessment, software development, testing, etc.
- The reason d'etre of this project is that, whilst security requirements are sometimes well captured and clearly defined, there are other times when they are not, for any number of reasons.
- Requirements, use-cases, and user stories will tend to be business-focused. In other words, requirements will be developed more for the consumption of Business Analysts and Project Managers rather than hard-core code warriors.
Joining the Project
If you are interested in volunteering for the project, or just have a comment or question, please join the OWASP AppSec Requirements mailing list.
This project was initiated around September of 2007 under the management of Jamie Fisher. The project was rechartered in August of 2008. The interim project manager was Matthew Chalmers. Current project manager is Luis Martinez Bacha.
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
Media in category "OWASP Application Security Requirements Project"
This category contains only the following file.