[Owasp-leaders] OWASP Appsec Standard

John Patrick Lita john.patrick.lita at owasp.org
Thu Mar 26 12:58:39 UTC 2015


I agree with Abbas.

On Thu, Mar 26, 2015 at 5:27 AM, <abbas.naderi at owasp.org> wrote:

> I have seen firms provide ASVS compliance certificates. As long as they do
> not claim it's certified by OWASP it's fine (they can say it's based on OWASP
> ASVS).
> -A
>
> On Mar 25, 2015, at 5:21 PM, Mohamed Alfateh <mohamed.alfateh at owasp.org>
> wrote:
>
> To be certified with PCI/DSS, a QSA will perform the audit, generate a ROC
> (report on compliance) and then give you a certificate, but you have to
> register with the PCI council and also pay the certificate fees.
>
> ASVS is perfect, I used it several times, but the idea is how to say "My
> application is ASVS compliant", similar to PA/DSS? How to perform a "reliable"
> audit against ASVS? And also how to do that and avoid the certification vs
> open conflict :)
>
> It is just a thought :)
>
> --
> Fateh
>
>
> On Wed, Mar 25, 2015 at 10:47 PM, McGovern, James <james.mcgovern at hp.com>
> wrote:
>
>> We would need to “certify” the auditors (QSAs). I tried leading a
>> people-oriented certification program several years back but was challenged
>> due to the conflict of certification vs open…
>>
>>
>>
>> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
>> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Mohamed Alfateh
>> *Sent:* Wednesday, March 25, 2015 4:24 PM
>> *To:* Jim Manico
>> *Cc:* OWASP Leaders
>> *Subject:* Re: [Owasp-leaders] OWASP Appsec Standard
>>
>>
>>
>> The idea is to give a certificate upon compliance with the standard
>> requirements. I don't think we need that extensive infrastructure; we may
>> need to prepare details for the auditing criteria.
>>
>> For PCI, the council is responsible for releasing the standard and giving
>> the certificate of compliance; the auditing itself is done through other
>> qualified entities.
>>
>>
>>
>>
>>
>> On Wed, Mar 25, 2015 at 8:28 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Certification? That requires extensive infrastructure and setup.
>>
>> Standard? Check out the OWASP ASVS Standard....
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>>
>> > On Mar 25, 2015, at 12:18 PM, Mohamed Alfateh <mohamed.alfateh at owasp.org> wrote:
>> >
>> > Dear all,
>> >
>> > I had a conversation with one of our chapter members regarding the
>> > application security standards.
>> > He asked me: why don't we have an OWASP Appsec standard and certification
>> > similar to PA/DSS?
>> > I think OWASP is more trusted when it comes to application security.
>> > OWASP already has many projects that include information better than PA/DSS.
>> > Also, this could be a good revenue source for OWASP.
>> >
>> > What do you think about this?
>> >
>> > --
>> > Fateh
>>
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>


-- 
Best Regards
John Patrick Lita
*Chapter Leader OWASP Manila*
FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
https://www.owasp.org/index.php/Manila
https://lists.owasp.org/mailman/listinfo/owasp-manila