[Owasp-leaders] OWASP Top Ten - Security Controls?

psiinon psiinon at gmail.com
Tue Feb 19 12:54:36 UTC 2013


On Tue, Feb 19, 2013 at 12:51 PM, Jim Manico <jim.manico at owasp.org> wrote:

> I agree, I'm almost done with the first version of it. I call it the
> "OWASP Top Ten Proactive Controls" and have a few folks working on it with
> me (and leveraged much of the cheat sheet
> content for it).
> My goal is to release an early version in -wiki form- next month and will
> then seek community feedback and edits.
> Cool?
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Feb 19, 2013, at 6:39 PM, psiinon <psiinon at gmail.com> wrote:
> OK, spurious suggestion time...
> How about a new project, the OWASP Top Ten Web Application Security
> Controls?
> How is this different from the Secure Coding Practices Quick Reference
> Guide Project and Secure Coding Cheat Sheet?
> Probably not very - I'd expect a lot of similarities between the content!
> So why do it?
> Well, the OWASP Top Ten Web Application Security Risks is by far the most
> well known and successful OWASP project.
> Can we piggy back on this format to make the defences as visible as the
> existing Top Ten has made the risks?
> I realise we have to be careful not to dilute the impact of the existing
> top ten - a dozen different OWASP Top Ten projects would be counter
> productive.
> But I think we can justify this one as its a direct response to the risks.
> If it gets anything like the publicity that the current Top Ten gets then
> it could have a significant impact.
> And it can (should) still refer to all of the other relevant projects,
> like the Developers Guide and the other 2 mentioned above.
> Just think - lots of security companies claim their products protect you
> against the "OWASP Top Ten (Security Risks)" (lets not debate how true that
> actually is in this thread;).
> Imagine if frameworks boasted that they include all the "OWASP Top Ten
> Security Controls", or if customers started asking their suppliers if they
> use them all...
> Thoughts?
> Simon
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130219/1f3aae4b/attachment.html>

More information about the OWASP-Leaders mailing list