My slides from #AppSecUSA 2013. If you want to help, please join the Developer Guide mail list (https://lists.owasp.org/mailman/listinfo/owasp-guide) and say hi. We have a GitHub repo which you can find from our project page.
2. ABOUT ME
Associate director, KPMG
Security Technical Assessments and Architecture
Project Lead, OWASP Developer Guide
Co-Lead, OWASP Proactive Controls
Lead author, OWASP Application Security Verification Standard
Lead author, OWASP Top 10 2007
Project Lead, OWASP ESAPI for PHP
(ISC)² CSSLP
Helped set the SANS GIAC GSSP (Java) exam (2007)
12. VALUE
• What is “valuable” to your organization is almost never valuable to someone else
• There is no “<client>” profile in any automated tool
• Embed the notion of “value” into the Developer Guide
13. OWASP DEVELOPER GUIDE 2013
• A comprehensive dictionary of all the things
• Designed to be a tertiary-level textbook for application architects and developers
• SMART - Specific, Measurable (testable), Attainable, Relevant, Time-effective
• Need help!
14. OWASP APPLICATION SECURITY VERIFICATION STANDARD 2.0
• A comprehensive standard with three levels of verification
• Designed to be a standard(!)
• SMART - Specific, Measurable (testable), Attainable, Relevant, Time-effective
• GA - November 2013
15. OWASP PROACTIVE CONTROLS 2013
• The things every development team should be doing to be secure
• Designed to be a standard(!)
• SMART - Specific, Measurable (testable), Attainable, Relevant, Time-effective
• GA - November 2013
16. WHAT HASN’T WORKED
• Converting to XML. Failed x1 time so far (1.1.1)
• Minor updates. Failed x1 time so far (2.1)
• Starting from scratch. Failed x3 times so far (3.0, 2010, 2012)
• No project manager, roadmap or deadlines.
• Community. Help!
• Succession.
17. WHO
• We need a project manager
• We need lots of help writing material
• We need lots of help with UML diagrams
• We need lots of help with code snippets
• Eventually, we will need technical and normal reviewers
• Eventually, we would like translators
19. WHAT NEEDS TO BE WRITTEN
• Everything
• Large table of contents
• Don’t freak out - contributions great and small gratefully accepted!
• Need to decide on refactor or re-write
26. HOW YOU CAN HELP
• Be part of the community
• Join the Dev Guide mail list: https://lists.owasp.org/mailman/listinfo/owasp-guide
• Tell us what you want to work on
• Write! Contribute! Review! Translate!