Difference between revisions of "OWASP ISO IEC 27034 Application Security Controls Project"

From OWASP
Jump to: navigation, search
Line 6: Line 6:
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
==OWASP XXX==
+
==OWASP ISO/IEC 27034 Application Security Controls Project==
  
OWASP XXX is...
+
OWASP ISO/IEC 27034 Application Security Controls Project is an effort to do the conversion of OWASP related documentations and best practices, such as the OWASP Top 10, in Application Security Controls (ASCs) as defined in ISO/IEC 27034. This will enable 27034 stakeholders to use formal structure of OWASP content.
  
==Introduction==
+
==Introduction to ISO/IEC 27034==
  
Write a short introduction
+
ISO/IEC 27034 offers guidance on information security to those specifying, designing/programming or procuring, implementing and using application systems, in other words business and IT managers, developers and auditors, and ultimately the end-users of application systems.  The aim is to ensure that computer applications deliver the desired/necessary level of security in support of the organization’s Information Security Management System.
  
 +
It is aimed at architects, analysts, programmers, testers, IT Team, DBA, Admins, etc., who need to know what and when Application Security Controls should be applied, integrate Application Security Controls in their activities, meet the requirements of the Application Security Controls associated measurements, get access to tools and best practices and facilitate peer review.
  
 +
It can also be used by auditors, in order to know the scope and process of verification measurements for the corresponding Application Security Controls, make audit results repeatable, identify a list of verification measurements which can generate supporting evidence to demonstrate that the application has reached the required level of trust authorized by the management and standardize the application security verification.
  
==Description==
+
27034 is based upon the following key principles:
 +
* Security is a requirement
 +
* Application security is context-dependent
 +
* Appropriate investment for application security
 +
* Application security must be demonstrated
  
Write a description that is just a few paragraphs long
+
http://www.iso27001security.com/html/27034.html
 +
 
 +
==Description of the OWASP project==
 +
 
 +
ISO/IEC 27034 do not propose any Application Security Controls by itself, nor any coding/testing best practices. OWASP is a good match to 27034 because it is proposing many best practices and technical details that can be used to create ASCs.
 +
 
 +
At the beginning of our roadmap, the focus will be upon the conversion of the latest OWASP Top 10 into ASCs.
  
  
 
==Licensing==
 
==Licensing==
OWASP XXX is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
OWASP ISO/IEC 27034 Application Security Controls are free to use. It is licensed under the GNU LGPL v3 License (http://www.gnu.org/licenses/lgpl.html) that is similar to GPL but modified for use with libraries that may be called by other proprietary programs.
  
  
Line 42: Line 54:
  
  
== Project Leader ==
+
== Project Co-Leaders ==
  
Project leader's name
+
* Luc Poulin
 +
* Jonathan Marcil
  
  
 
== Related Projects ==
 
== Related Projects ==
  
* [[OWASP_CISO_Survey]]
+
* [[OWASP_Top_Ten_Project]]
  
  

Revision as of 21:06, 6 January 2014

[edit]

OWASP Project Header.jpg

OWASP ISO/IEC 27034 Application Security Controls Project

OWASP ISO/IEC 27034 Application Security Controls Project is an effort to do the conversion of OWASP related documentations and best practices, such as the OWASP Top 10, in Application Security Controls (ASCs) as defined in ISO/IEC 27034. This will enable 27034 stakeholders to use formal structure of OWASP content.

Introduction to ISO/IEC 27034

ISO/IEC 27034 offers guidance on information security to those specifying, designing/programming or procuring, implementing and using application systems, in other words business and IT managers, developers and auditors, and ultimately the end-users of application systems. The aim is to ensure that computer applications deliver the desired/necessary level of security in support of the organization’s Information Security Management System.

It is aimed at architects, analysts, programmers, testers, IT Team, DBA, Admins, etc., who need to know what and when Application Security Controls should be applied, integrate Application Security Controls in their activities, meet the requirements of the Application Security Controls associated measurements, get access to tools and best practices and facilitate peer review.

It can also be used by auditors, in order to know the scope and process of verification measurements for the corresponding Application Security Controls, make audit results repeatable, identify a list of verification measurements which can generate supporting evidence to demonstrate that the application has reached the required level of trust authorized by the management and standardize the application security verification.

27034 is based upon the following key principles:

  • Security is a requirement
  • Application security is context-dependent
  • Appropriate investment for application security
  • Application security must be demonstrated

http://www.iso27001security.com/html/27034.html

Description of the OWASP project

ISO/IEC 27034 do not propose any Application Security Controls by itself, nor any coding/testing best practices. OWASP is a good match to 27034 because it is proposing many best practices and technical details that can be used to create ASCs.

At the beginning of our roadmap, the focus will be upon the conversion of the latest OWASP Top 10 into ASCs.


Licensing

OWASP ISO/IEC 27034 Application Security Controls are free to use. It is licensed under the GNU LGPL v3 License (http://www.gnu.org/licenses/lgpl.html) that is similar to GPL but modified for use with libraries that may be called by other proprietary programs.


What is XXX?

OWASP XXX provides:

  • xxx
  • xxx


Presentation

Link to presentation



Project Co-Leaders

  • Luc Poulin
  • Jonathan Marcil


Related Projects


Quick Download

  • Link to page/download


News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

This project can be purchased as a print on demand book from Lulu.com


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Q1
A1
Q2
A2

Volunteers

XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx

Others

  • xxx
  • xxx

As of XXX, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP ISO/IEC 27034 Application Security Controls Project
Purpose: Conversion of OWASP related documentations and best practices, such as the OWASP Top 10, in Application Security Controls (ASCs) as defined in ISO/IEC 27034. This will enable 27034 stakeholders to use formal structure of OWASP content.
License: GNU LGPL v3 License (similar to GPL but modified for use with libraries that may be called by other proprietary programs)
who is working on this project?
Project Leader(s):
  • Jonathan Marcil @
  • Luc Poulin @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Jonathan Marcil @ to contribute to this project
  • Contact Jonathan Marcil @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases