Difference between revisions of "Project Information:template Application Security Verification Standard"

From OWASP
Jump to: navigation, search
 
(36 intermediate revisions by 5 users not shown)
Line 6: Line 6:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Project Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|This project is will address the above challenges as follows:
+
  | colspan="6" style="width:85%; background:#cccccc" align="left"|
* The applicant will define an evaluation framework that may be used to conduct OWASP Application Security Verification Standard certifications.
+
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification using a commercially-workable open standard. This standard can be used to establish a level of confidence in the security of web applications and web services.
* The applicant will define an OWASP Application Security Verification Standard which defines levels that applications may be certified against.  
+
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Email Contacts'''
 
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:mike.boberski(at)cox.net '''Mike Boberski''']
 
  | style="width:14%; background:#cccccc" align="center"|Project Leader<br>[mailto:mike.boberski(at)cox.net '''Mike Boberski''']
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>(if applicable)<br>[mailto:to(at)change '''Name&Email''']
+
  | style="width:14%; background:#cccccc" align="center"|Project Contributors<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']<br>[mailto:dave.wichers(at)owas.org'''Dave Wichers''']
  | style="width:14%; background:#cccccc" align="center"|[mailto:Owasp-Application-Security-Verification-Standard(at)lists.owasp.org '''Project Mailing List''']
+
  | style="width:14%; background:#cccccc" align="center"|[https://lists.owasp.org/mailman/listinfo/owasp-application-security-verification-standard '''Mailing List/Subscribe''']<br>
 +
[mailto:Owasp-Application-Security-Verification-Standard(at)lists.owasp.org '''Mailing List/Use''']
 
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']
 
  | style="width:14%; background:#cccccc" align="center"|First Reviewer<br>[mailto:jeff.williams(at)owasp.org '''Jeff Williams''']
 
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:pierre.parrend(at)insa-lyon.fr '''Pierre Parrend''']<br>[http://www.rzo.free.fr Curriculum]
 
  | style="width:14%; background:#cccccc" align="center"|Second Reviewer<br>[mailto:pierre.parrend(at)insa-lyon.fr '''Pierre Parrend''']<br>[http://www.rzo.free.fr Curriculum]
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(if applicable)<br>[mailto:name(at)name '''Name&Email''']
+
  | style="width:15%; background:#cccccc" align="center"|OWASP Board Member<br>(applicable just for Release Quality)  
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 22: Line 22:
 
  |-
 
  |-
 
  | style="width:100%; background:#cccccc" align="center"|
 
  | style="width:100%; background:#cccccc" align="center"|
* (If appropriate, links to be added)
+
* [https://www.owasp.org/images/5/52/About_OWASP_ASVS_Web_Edition.ppt '''OWASP ASVS Project's Power Point Presentation''']
 +
* OWASP ASVS Project/Beta Edition - [[:Image:OWASP ASVS Web Edition 2008 Beta.doc|'''Word''']] and [[:Image:OWASP ASVS Web Edition 2008 Beta.pdf|'''PDF''']] files.
 +
* OWASP ASVS Project/Alpha Edition - [[:Image:OWASP ASVS Web Edition 2008 Alpha.doc|'''Word''']] and [[:Image:OWASP ASVS Web Edition 2008 Alpha.pdf|'''PDF''']] files.
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 40: Line 42:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''50% Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Application Security Verification Standard - 50 Review - Self Evaluation - A|See&Edit:50% Review/Self-Evaluation (A)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Application Security Verification Standard - 50 Review - First Reviewer - C|See&Edit: 50% Review/1st Reviewer (C)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>[[Project Information:template Application Security Verification Standard 50 Review Second Review E|See&Edit: 50%Review/2nd Reviewer (E)]]
 
  | style="width:22%; background:#C2C2C2" align="center"|X  
 
  | style="width:22%; background:#C2C2C2" align="center"|X  
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
 
  | style="width:15%; background:#7B8ABD" align="center"|'''Final Review'''  
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta'''<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - Self Evaluation - B|See&Edit: Final Review/SelfEvaluation (B)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta'''<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - First Reviewer - D|See&Edit: Final Review/1st Reviewer (D)]]
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
+
  | style="width:21%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes'''<br>---------<br>Which status has been reached?<br>'''Beta'''<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - Second Reviewer - F|See&Edit: Final Review/2nd Reviewer (F)]]
  | style="width:22%; background:#C2C2C2" align="center"|Objectives & Deliveries reached?<br>'''Yes/No''' (To update)<br>---------<br>Which status has been reached?<br>'''Season of Code''' - (To update)<br>---------<br>[[Project Information:template Application Security Verification Standard - Final Review - OWASP Board Member - G|See/Edit: Final Review/Board Member (G)]]
+
  | style="width:22%; background:#C2C2C2" align="center"|X
 
  |-
 
  |-
 
  |}
 
  |}

Latest revision as of 08:31, 12 January 2009

PROJECT IDENTIFICATION
Project Name OWASP Application Security Verification Standard Project
Short Project Description

The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing application security verification using a commercially-workable open standard. This standard can be used to establish a level of confidence in the security of web applications and web services.

Email Contacts Project Leader
Mike Boberski
Project Contributors
Jeff Williams
Dave Wichers
Mailing List/Subscribe

Mailing List/Use

First Reviewer
Jeff Williams
Second Reviewer
Pierre Parrend
Curriculum
OWASP Board Member
(applicable just for Release Quality)
PROJECT MAIN LINKS
SPONSORS & GUIDELINES
Sponsor - OWASP Summer of Code 2008 Sponsored Project/Guidelines/Roadmap
ASSESSMENT AND REVIEW PROCESS
Review/Reviewer Author's Self Evaluation
(applicable for Alpha Quality & further)
First Reviewer
(applicable for Alpha Quality & further)
Second Reviewer
(applicable for Beta Quality & further)
OWASP Board Member
(applicable just for Release Quality)
50% Review Objectives & Deliveries reached?
Yes
---------
See&Edit:50% Review/Self-Evaluation (A)
Objectives & Deliveries reached?
Yes
---------
See&Edit: 50% Review/1st Reviewer (C)
Objectives & Deliveries reached?
Yes
---------
See&Edit: 50%Review/2nd Reviewer (E)
X
Final Review Objectives & Deliveries reached?
Yes
---------
Which status has been reached?
Beta
---------
See&Edit: Final Review/SelfEvaluation (B)
Objectives & Deliveries reached?
Yes
---------
Which status has been reached?
Beta
---------
See&Edit: Final Review/1st Reviewer (D)
Objectives & Deliveries reached?
Yes
---------
Which status has been reached?
Beta
---------
See&Edit: Final Review/2nd Reviewer (F)
X