
OWASP: the use of a security plan

 
Gian Franco
blacksmith
Ranch Hand
Posts: 979
Hello,

How would you suggest integrating the OWASP best
practices in the broader context of a security plan?

Gian
 
Jc Li
Owasp member
Greenhorn
Posts: 8
OWASP provides a wide variety of documentation and resources related to application security.

Depending on the goals and audience of your security plan, any number of these resources can be incorporated.

For example:

* The OWASP Cheat Sheet series (http://www.owasp.org/index.php/Category:Cheatsheets) is a potential source for high level guidance for secure development.

* The OWASP ASVS Project (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) is a potential source for guidance in evaluating and determining what kind of security assessments are appropriate for an application.

* The OWASP Secure Coding Practices - Quick Reference Guide (http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide) is a potential source of a secure developer checklist that can be adapted into a coding standard.

* The OWASP Legal Project (http://www.owasp.org/index.php/Category:OWASP_Legal_Project) is a potential source for incorporating security into the software acquisition process.

For more detailed handbooks, the OWASP Development Guide (http://www.owasp.org/index.php/Category:OWASP_Guide_Project), OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project), and OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project) provide detailed information about secure development and performing security assessments.

These are just examples - the resources available at OWASP are far and wide and there is no "set" way to utilize the resources.

Hope that helps!

-Jason
OWASP Global Projects Committee Chair
 
Gian Franco
blacksmith
Ranch Hand
Posts: 979
Jc Li wrote:
Hope that helps!


Thank you, this is of great value!

Gian
 