The OWASP Security Requirements Project is one of two major projects we hope
to do in the first half of this year. It is setting out to define a set of
functional security requirements for building secure web applications. We
are going to use the widely adopted Common Criteria and the NIAP developed
Common Criteria Tools. We chose the Common Criteria as it is a well adopted
formal scheme for security requirements and there are some excellent
supporting tools (http://www.owasp.org/projects/requirements/cctools.shtml)
which we can use.

This project will help feed the testing framework and serve as a blueprint
for all the things you would need to think about to design a secure web
application. You can read more about this at
http://www.owasp.org/projects/requirements/

Unlike the testing project, we are going to do this one in a closed group
and present the paper to the community when completed. The testing framework
will however be done entirely online over this mailing list.

It is expected to take around six months. If you are interested in
participating in the working group and can commit a few hours a week (we
want to keep it to under 20) please drop me an email with your name, email
address, company and some basic background. Participants are likely to be
application security architects, system developers or those already familiar
with the common criteria or formally specifying security requirements.

Thanks

www.owasp.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]