SpoC 007 - OWASP Web Security Certification Framework - Progress Page

From OWASP
Revision as of 09:39, 10 September 2007 by Mcurphey (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The OWASP Web Security Evaluation and Certification project is well underway. In fact at this point in writing I intend to fully complete the first draft by COB Friday September the 10th.

So far we have met the following milestones;

Defined the criteria for a good standard and set out key proposals for consideration Defined the structure for a scaleable scheme and built the generic framework Defined the generic controls for the technology section Defined the generic controls for the process section

Left to do

Define controls for the people section Refine all controls

Configure all controls to create a reference implementation

There are several services companies already planning to offer services around this project and several banks planning to adopt it for their 3rd party security assessment criteria. This is very encouraging!