[Owasp-leaders] - Secure Design Project

tonyuv at owasp.org tonyuv at owasp.org
Wed May 29 21:15:19 UTC 2013

Great work Ashish,

One recommendation out of the gate is to perhaps rename ‘Design Study’ to ‘Scope’ and include how boundaries of the design analysis will be controlled.  Design review ‘sprawl’ is an inherent challenge in this area so scope is key.  Also, ‘study’ and ‘analysis’ are too closely related in English so it may be good to reflect what the Study phase is doing which is truly scope related.  


Tony UV

ATL Chapter Lead

Sent from Windows Mail

From: Ashish Rao
Sent: ‎Wednesday‎, ‎May‎ ‎29‎, ‎2013 ‎2‎:‎48‎ ‎PM
To: OWASP Leaders

Hello All,

I am glad to release the initial contents for the secure application design project. 

You can find it here - https://www.owasp.org/index.php/OWASP_Secure_Application_Design_Project

In a couple of days time, I will also release the design flaws related to web applications that I have found so far. 

Subsequent releases of the project are planned to have:

1. Secure Design Techniques for:

a. Web applications

b. Thick/smart client applications

2. Secure guidelines for commonly used design frameworks in web applications

So there is going to be lot of work. I hope to seek your feedback and contributions for the same. 

Thanks and Regards,

Ashish Rao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130529/86449e9d/attachment.html>

More information about the OWASP-Leaders mailing list