Difference between revisions of "OWASP Security Baseline Project"

(Created page with '==== Main ==== ==== Project About ==== {{:Projects/OWASP Security Baseline Project | Project About}} __NOTOC__ <headertabs /> [[Category:OWASP_Project|Security Baseline Proj…')
 
 
Line 1: Line 1:
 
==== Main  ====
 
==== Main  ====
 +
 +
<br>
 +
== Project Description ==
 +
 +
* Benchmark security of enterprise products/services against OWASP Top 10 (and other) Security Risks
 +
 +
* Open and comprehensive security assessments of enterprise products/services
 +
 +
* Guidance/support for vendor-independent security verification of enterprise products/services
 +
<br>
 +
 +
== Project Goals ==
 +
 +
* Establishing an OWASP community which actively identifies products/services and devises suitable security test plans
 +
 +
* actively identify => use/work with/test/research it
 +
 +
* Benchmarking security of tested solutions using OWASP security guidelines and tools (OWASP Web Testing Environment/OWASP Live CD, etc), open-source testing tools
 +
* Collaborating with softwre vendors on improving security of assessed frameworks/products/services
 +
* Increasing awareness on available OWASP resources (guidelines, tools,etc)
 +
 +
 +
== Project Roadmap ==
 +
 +
Alpha
 +
* devise testing methodology mapping to OWASP Top 10 Security Risks, including test plan, techniques, tools, etc
 +
* establish disclosure policy
 +
 +
Beta
 +
* publish testing methodology
 +
* publish major case study
 +
* gather community support
 +
 +
Stable
 +
* assess major products/services and publish the outcome
 +
* collaborate with vendors to improve security of assessed solutions
 +
* framework in pace for assessing other classes of products/services
 +
* coordinate and publish community-validated results
 +
 +
 +
== Work in Progress ==
 +
 +
* Benchmarking Enterprise E-mail Security Solutions (including Google Message Security SaaS)
 +
* Benchmarking Enterprise Social Networking Platforms
 +
* ...
 +
 +
 +
== Call for Participation ==
 +
 +
Anyone with an interest in improving application security
 +
* Security Engineers
 +
* Security Analysts
 +
* Penetration Testers
 +
* Security Researchers
 +
* Software Developers
 +
*…
 +
 +
  If you find an issue, don’t stop testing! There is a very good chance there are few more :)
 +
 +
  
 
==== Project About ====
 
==== Project About ====
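
Review bot: two spelling slips in the added bullets change the meaning or readability and should be fixed before this revision stands: under Project Goals, "softwre vendors" should be "software vendors", and under the Stable roadmap stage, "framework in pace" should read "framework in place". The Project Goals bullet "actively identify => use/work with/test/research it" is a gloss on the bullet above it, so it would read better as a nested item (`**`) under "Establishing an OWASP community ..." than as a goal of its own. The Alpha stage also lists "establish disclosure policy" without saying where that policy will be published; a link or placeholder would make clear how vendors learn the disclosure terms before results are published.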

Latest revision as of 05:10, 10 June 2011

Main


Project Description

  • Benchmark security of enterprise products/services against OWASP Top 10 (and other) Security Risks
  • Open and comprehensive security assessments of enterprise products/services
  • Guidance/support for vendor-independent security verification of enterprise products/services


Project Goals

  • Establishing an OWASP community which actively identifies products/services and devises suitable security test plans
  • actively identify => use/work with/test/research it
  • Benchmarking security of tested solutions using OWASP security guidelines and tools (OWASP Web Testing Environment/OWASP Live CD, etc.) and open-source testing tools
  • Collaborating with software vendors on improving security of assessed frameworks/products/services
  • Increasing awareness of available OWASP resources (guidelines, tools, etc.)


Project Roadmap

Alpha

  • devise testing methodology mapping to OWASP Top 10 Security Risks, including test plan, techniques, tools, etc
  • establish disclosure policy

Beta

  • publish testing methodology
  • publish major case study
  • gather community support

Stable

  • assess major products/services and publish the outcome
  • collaborate with vendors to improve security of assessed solutions
  • framework in place for assessing other classes of products/services
  • coordinate and publish community-validated results


Work in Progress

  • Benchmarking Enterprise E-mail Security Solutions (including Google Message Security SaaS)
  • Benchmarking Enterprise Social Networking Platforms
  • ...


Call for Participation

Anyone with an interest in improving application security

  • Security Engineers
  • Security Analysts
  • Penetration Testers
  • Security Researchers
  • Software Developers
If you find an issue, don’t stop testing! There is a very good chance there are a few more :)


Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Security Baseline Project (home page)
Purpose: This project aims to benchmark the security of various enterprise security products/services against OWASP Top 10 risks. By comprehensively assessing the security of enterprise products/services, the OWASP Security Baseline initiative will (eventually) lead to vendor-independent security certified solutions.
License: Creative Commons Attribution ShareAlike 3.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases