[Owasp_framework_security_project] Welcome!

Dave dave at samadhicsecurity.com
Sun Sep 15 08:59:49 UTC 2013

Hey, I'm Dave, I have a background in cryptography, software development, and penetration testing but most recently I have been focused on security architecture.  In a recent job I had I helped architect a web application security framework (we were using an obscure language so there wasn't anything that existed already we could use), so I have some views about what are good and bad security controls in frameworks.
As part of that same job, we decided to use Drupal for another application (we were building from scratch), so I sat down and figured out how several of Drupal's security controls worked, and I published what I found on my blog, http://www.samadhicsecurity.com/p/drupal-7-security.html.  I'm happy for information to be extracted from that and used in this project.
Date: Tue, 10 Sep 2013 23:01:39 -0700
From: michael.coates at owasp.org
To: owasp_framework_security_project at lists.owasp.org
Subject: [Owasp_framework_security_project] Welcome!

Welcome to the OWASP Framework Security Project,

We have our project page setup here:

an example of the matrix we can build for framework controls is listed here:

I've added some of the high level information on the project and our goals.

We need to do a few things first:
1. What type of people do we have on the list? Please do introduce yourself and also indicate if you are a Framework Developer, Security Professional, a 

Framework Leader or something else all together.

2. We need to decide on the frameworks and controls we want to focus on first. This will be partially impacted by our initial resources and connections

3. We need to build the list of available security controls and which frameworks support what (starting with the framework we picked in step 2).

Then we'll move into coordination with the framework teams and go from there.

With that, welcome! Please introduce yourself to the list.

Michael Coates | OWASP | @_mwc

Owasp_framework_security_project mailing list
Owasp_framework_security_project at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_framework_security_project/attachments/20130915/5f9952ec/attachment.html>

More information about the Owasp_framework_security_project mailing list