[Owasp-leaders] OWASP Top Ten - Security Controls?

Jim Manico jim.manico at owasp.org
Tue Feb 19 12:51:27 UTC 2013


I agree, I'm almost done with the first version of it. I call it the "OWASP
Top Ten Proactive Controls" and have a few folks working on it with me (and
leveraged much of the cheat sheet content for it).

My goal is to release an early version in -wiki form- next month and will
then seek community feedback and edits.

Cool?

--
Jim Manico
@Manicode
(808) 652-3805

On Feb 19, 2013, at 6:39 PM, psiinon <psiinon at gmail.com> wrote:

OK, spurious suggestion time...

How about a new project, the OWASP Top Ten Web Application Security
Controls?

How is this different from the Secure Coding Practices Quick Reference
Guide Project and Secure Coding Cheat Sheet?
Probably not very - I'd expect a lot of similarities between the content!

So why do it?
Well, the OWASP Top Ten Web Application Security Risks is by far the most
well known and successful OWASP project.
Can we piggy back on this format to make the defences as visible as the
existing Top Ten has made the risks?
I realise we have to be careful not to dilute the impact of the existing
top ten - a dozen different OWASP Top Ten projects would be
counterproductive.
But I think we can justify this one as it's a direct response to the risks.

If it gets anything like the publicity that the current Top Ten gets then
it could have a significant impact.
And it can (should) still refer to all of the other relevant projects, like
the Developers Guide and the other 2 mentioned above.

Just think - lots of security companies claim their products protect you
against the "OWASP Top Ten (Security Risks)" (let's not debate how true that
actually is in this thread;).
Imagine if frameworks boasted that they include all the "OWASP Top Ten
Security Controls", or if customers started asking their suppliers if they
use them all...

Thoughts?

Simon

-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
