[OWASP-Bangalore] Why OWASP

Harinath Pudipeddi hpudipeddi at gmail.com
Mon Jun 1 05:44:21 EDT 2009


Akash,

Will you update and send it to the group?

On Wed, May 27, 2009 at 12:37, SISA Dharshan Shanthamurthy
<dbs at sisa.co.in>wrote:

> Good effort, but to get it accurate: PCI DSS Version 1.2 is already out
> (Oct 1, 2008). Requirement 6.5 is the one which talks of OWASP
> specifically, while 6.6 talks of manual application VA or WAF.
>
> Cheers,
> Dharshan
>
> *From:* owasp-bangalore-bounces at lists.owasp.org [mailto:
> owasp-bangalore-bounces at lists.owasp.org] *On Behalf Of *Dinesh O'Bareja
> *Sent:* 27 May 2009 11:08
> *To:* owasp-bangalore at lists.owasp.org
> *Subject:* Re: [OWASP-Bangalore] Why OWASP
>
> Akash - my 2 c, in addition to your document.
>
> From what I know an App cannot be certified to ISO 27001 because there is
> no provision in the standard to certify an application for security.
>
> The standard sets up the ISMS in the organization and will ask that
> applications be secured and tested for security vulnerabilities. However, it
> does not go into the nitty-gritty of application testing, and this is left
> for the organization to decide upon. If you see, this is the case with Risk
> Management, Asset Management etc. in ISO 27k1 too.
>
> So, for your client asking why OWASP when ISO is there, the answer is
> that ISO is a standard for ISMS but OWASP is the framework to build / test
> security in the application.
>
> And thanks for the PDF - it gives some good industry references to the use
> of the OWASP guidelines.
>
> tc
>
> Dinesh
>
> On Tue, May 26, 2009 at 10:31 PM, Akash <akashmahajan at gmail.com> wrote:
>
> Hey, recently a client wanted to know why anyone would refer to OWASP
> for guidelines on securing their web apps. The question was in the
> context of whether the app is already ISO 27002 certified etc.
>
> I created a simple one page PDF and shared with them. Might be useful
> in your organisations as well.
>
> Feedback more than welcome.
>
> The information has been taken from various sources online and the
> copyright only applies to presenting it in this manner. Feel free to
> use it anywhere, and if you do, quote me, great, but it's ok otherwise as
> well. It was more for the client than anything else.
>
> --
> warm regards,
> Akash Mahajan
> ----------------------------------------------------------
> Security Consultant, (Web / Networks /
> Servers / IT/ Virtualization)
> Founder Headstart Network Foundation
> ----------------------------------------------------------
> http://www.linkedin.com/in/akashm
> http://network.headstart.in
> ----------------------------------------------------------
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>


-- 
Harinath Pudipeddi
+91.98860 01976 Mobile
http://www.linkedin.com/in/harinath

http://www.Penseur.in - Home Page
http://www.Dazasya.org.in - Dazasya

http://www.HeadStart.In - Showcasing India Innovation
http://www.owasp.org/index.php/Bangalore - OWASP Bangalore Chapter
http://www.TestersNetwork.WordPress.com - Software Testing Research Lab