OWASP Application Security Program Quick Start Guide Project
This guide is intended to be a short, straightforward introductory guide to standing up or improving an Application Security Program. The intended goal of the AppSec program is to implement measures throughout the code's life-cycle to prevent gaps in the application security policy or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application.
The application security program should effectively manage the security of its application systems, protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.
A fundamental component of this improved application security management is the ability to demonstrate acceptable levels of risk based on defined KPIs, including but not limited to:
The number of vulnerabilities present in an application
The time to fix vulnerabilities
The remediation rate of vulnerabilities
The time vulnerabilities remain open.
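As an added example (not part of the OWASP guide), the four KPIs above computed per application from a constructed vulnerability-tracker export, together with a check against acceptable-risk targets; the findings, dates and target thresholds are all assumed sample values:

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional

@dataclass
class Finding:
    app: str
    severity: str
    opened: date
    fixed: Optional[date] = None  # None while the finding is still open

# Constructed sample export from a vulnerability tracker (not real data).
FINDINGS = [
    Finding("billing", "high", date(2024, 1, 3), date(2024, 1, 10)),
    Finding("billing", "medium", date(2024, 1, 5), date(2024, 2, 4)),
    Finding("billing", "low", date(2024, 2, 1)),
    Finding("portal", "critical", date(2024, 1, 15), date(2024, 1, 17)),
    Finding("portal", "high", date(2024, 2, 10)),
]

# Assumed program targets; a real program defines these in its policy.
TARGETS = {"time_to_fix_days": 14, "remediation_rate": 0.75, "time_open_days": 30}

def kpis(findings, app, as_of):
    """Return the four program KPIs for one application as of a given date."""
    mine = [f for f in findings if f.app == app]
    fixed = [f for f in mine if f.fixed is not None]
    still_open = [f for f in mine if f.fixed is None]
    return {
        # number of vulnerabilities present (currently open)
        "vulnerabilities_present": len(still_open),
        # mean days from opening to fix, over fixed findings
        "time_to_fix_days": mean((f.fixed - f.opened).days for f in fixed) if fixed else None,
        # share of all findings that have been remediated
        "remediation_rate": len(fixed) / len(mine) if mine else None,
        # mean age in days of findings that remain open
        "time_open_days": mean((as_of - f.opened).days for f in still_open) if still_open else 0,
    }

def breaches(k, targets=TARGETS):
    """Names of KPIs that fall outside the defined acceptable-risk targets."""
    out = []
    if k["time_to_fix_days"] is not None and k["time_to_fix_days"] > targets["time_to_fix_days"]:
        out.append("time_to_fix_days")
    if k["remediation_rate"] is not None and k["remediation_rate"] < targets["remediation_rate"]:
        out.append("remediation_rate")
    if k["time_open_days"] > targets["time_open_days"]:
        out.append("time_open_days")
    return out
```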
The application security program's deliverables include a holistic view of the security state of each application: the risks associated with the application and the countermeasures implemented to mitigate them, an explanation of how security is implemented, plans for system downtime and emergencies, and a formal plan to improve security in one or more of these areas.