OWASP provides a wide variety of documentation and resources related to application security.
Depending on the goals and audience of your security plan, any number of these resources can be incorporated.
For example:
* The OWASP Cheat Sheet series (http://www.owasp.org/index.php/Category:Cheatsheets) is a potential source for high-level guidance for secure development.
* The OWASP ASVS Project (http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project) is a potential source for guidance in evaluating and determining what kind of security assessments are appropriate for an application.
* The OWASP Secure Coding Practices - Quick Reference Guide (http://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide) is a potential source of a secure developer checklist that can be adapted into a coding standard.
* The OWASP Legal Project (http://www.owasp.org/index.php/Category:OWASP_Legal_Project) is a potential source for incorporating security into the software acquisition process.
For more detailed handbooks, the OWASP Development Guide (http://www.owasp.org/index.php/Category:OWASP_Guide_Project), OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project), and OWASP Testing Guide (http://www.owasp.org/index.php/Category:OWASP_Testing_Project) provide detailed information about secure development and performing security assessments.
These are just examples - the resources available at OWASP are far and wide and there is no "set" way to utilize the resources.
Hope that helps!
-Jason
OWASP Global Projects Committee Chair