[OWASP-Bangalore] Why OWASP

Akash akashmahajan at gmail.com
Mon Jun 1 07:47:30 EDT 2009


Yes I will. Please give me one more day to do that.


2009/6/1 Harinath Pudipeddi <hpudipeddi at gmail.com>:
> Akash,
>
> Will you update and send it to the group?
>
> On Wed, May 27, 2009 at 12:37, SISA Dharshan Shanthamurthy <dbs at sisa.co.in>
> wrote:
>>
>> Good effort, but to get it accurate, PCI DSS Version 1.2 is already out
>> (Oct 1, 2008). Requirement 6.5 is the one which talks about OWASP
>> specifically, while 6.6 talks of manual application VA or WAF.
>>
>>
>>
>> Cheers,
>> Dharshan
>>
>>
>>
>> From: owasp-bangalore-bounces at lists.owasp.org
>> [mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Dinesh
>> O'Bareja
>> Sent: 27 May 2009 11:08
>> To: owasp-bangalore at lists.owasp.org
>> Subject: Re: [OWASP-Bangalore] Why OWASP
>>
>>
>>
>> Akash - my 2 c, in addition to your document.
>>
>>
>>
>> From what I know an App cannot be certified to ISO 27001 because there is
>> no provision in the standard to certify an application for security.
>>
>>
>>
>> The standard sets up the ISMS in the organization and will ask that
>> applications be secured and tested for security vulnerabilities. However, it
>> does not go into the nitty-gritty of application testing and this is left
>> for the organization to decide upon. If you see, this is the case with Risk
>> Management, Asset Management, etc. in ISO 27k1 too.
>>
>>
>>
>> So for your client to be asking why OWASP when ISO is there, the answer is
>> that ISO is a standard for ISMS but OWASP is the framework to build / test
>> security in the application.
>>
>>
>>
>> And thanks for the PDF - it gives some good industry references to the use
>> of the OWASP guidelines.
>>
>>
>>
>> tc
>>
>> Dinesh
>>
>> On Tue, May 26, 2009 at 10:31 PM, Akash <akashmahajan at gmail.com> wrote:
>>
>> Hey, recently a client wanted to know why anyone would refer to OWASP
>> for guidelines on securing their web apps. The question was in the
>> context of whether the app is already ISO 27002 certified etc.
>>
>> I created a simple one page PDF and shared with them. Might be useful
>> in your organisations as well.
>>
>> Feedback more than welcome.
>>
>> The information has been taken from various sources online and the
>> copyright only applies to presenting them in this manner. Feel free to
>> use them anywhere, and if you do quote me, great, but it's OK otherwise as
>> well. It was more for the client than anything else.
>>
>> --
>> warm regards,
>> Akash Mahajan
>> ----------------------------------------------------------
>> Security Consultant, (Web / Networks /
>> Servers / IT/ Virtualization)
>> Founder Headstart Network Foundation
>> ----------------------------------------------------------
>> http://www.linkedin.com/in/akashm
>> http://network.headstart.in
>> ----------------------------------------------------------
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>
>
>
>
> --
> Harinath Pudipeddi
> +91.98860 01976 Mobile
> http://www.linkedin.com/in/harinath
>
> http://www.Penseur.in - Home Page
> http://www.Dazasya.org.in - Dazasya
>
> http://www.HeadStart.In - Showcasing India Innovation
> http://www.owasp.org/index.php/Bangalore - OWASP Bangalore Chapter
> http://www.TestersNetwork.WordPress.com - Software Testing Research Lab
>



-- 
warm regards,
Akash Mahajan
----------------------------------------------------------
Security Consultant, (Web / Networks /
Servers / IT/ Virtualization)
Founder Headstart Network Foundation
----------------------------------------------------------
http://www.linkedin.com/in/akashm
http://network.headstart.in
----------------------------------------------------------

