
OWASP: the use of a security plan

Gian Franco
blacksmith
Ranch Hand

Joined: Dec 16, 2003
Posts: 977
Hello,

How would you suggest integrating the OWASP best practices in the broader context of a security plan?

Gian


"Eppur si muove!"
Jc Li
Owasp member
Greenhorn

Joined: Feb 08, 2011
Posts: 8
OWASP provides a wide variety of documentation and resources related to application security.

Depending on the goals and audience of your security plan, any number of these resources can be incorporated.

For example:

* The OWASP Cheat Sheet series (http://www.owasp.org/index.php/Category:Cheatsheets) is a potential source for high-level guidance for secure development.

* The OWASP ASVS Project (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) is a potential source for guidance in evaluating and determining what kind of security assessments are appropriate for an application.

* The OWASP Secure Coding Practices - Quick Reference Guide (http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide) is a potential source of a secure developer checklist that can be adapted into a coding standard.

* The OWASP Legal Project (http://www.owasp.org/index.php/Category:OWASP_Legal_Project) is a potential source for incorporating security into the software acquisition process.

For more detailed handbooks, the OWASP Development Guide (http://www.owasp.org/index.php/Category:OWASP_Guide_Project), OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project), and OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project) provide detailed information about secure development and performing security assessments.

These are just examples - the resources available at OWASP are far and wide and there is no "set" way to utilize the resources.

Hope that helps!

-Jason
OWASP Global Projects Committee Chair
Gian Franco
blacksmith
Ranch Hand

Joined: Dec 16, 2003
Posts: 977
Jc Li wrote:
Hope that helps!


Thank you, this is of great value!

Gian
 