OWASP Open Source Project Addresses Security in the Application Development Process; Secure Software Donates CLASP, a Comprehensive Process to Improve Software Security in the SDLC
Posted on: Tuesday, 30 May 2006, 09:00 CDT
The Open Web Application Security Project today announced the availability of a process guide that will help a broad range of developers incorporate security into the software application development lifecycle (SDLC). OWASP is dedicated to helping organizations understand and improve the security of their applications and services.
CLASP (Comprehensive Lightweight Application Security Process) will be accessible through OWASP to developers globally. Developers will be able to leverage a best-practices methodology that provides a well-organized and structured approach for integrating security requirements and activities into each stage of the software development lifecycle.
"Many organizations are realizing that discovery and remediation of vulnerabilities in later stages of development is far too costly and often not enough," said Jeff Williams, CEO of Aspect Security and Chair of the OWASP organization. "The OWASP project makes sure that developers have the knowledge and the tools to build secure software from the beginning, saving time and money."
"OWASP is driving industry collaboration and capability in creating a more secure development process from start to end," said Pravir Chandra, chief security architect for Secure Software. "We are pleased that CLASP has been chosen to help developers build security into the design and development phases of the lifecycle."
OWASP was formed in 2000 and has over 1500 members and 60 chapters globally. The OWASP Foundation is a non-profit organization made up of all-volunteer participants. OWASP's mission is to enable organizations to develop, maintain and purchase applications that they can trust through the development of free, open and unbiased application security documentation, tools, chapters and conferences.
OWASP documentation projects include:
The Guide - Document that provides detailed guidance on web application security
Top Ten Most Critical Web Application Vulnerabilities - A high-level document to help focus on the most critical issues
Metrics - A project to define workable web application security metrics
Legal - A project to help software buyers and sellers negotiate appropriate security in their contracts
Testing Guide - A guide focused on effective web application security testing
ISO 17799 - Supporting documents for organizations performing ISO 17799 reviews
AppSec FAQ - Frequently asked questions and answers about application security
OWASP development projects include:
WebScarab - a web application vulnerability assessment suite including proxy tools
Validation Filters - (Stinger for J2EE, filters for PHP) generic security boundary filters that developers can use in their own applications
WebGoat - an interactive training and benchmarking tool with which users can learn about web application security in a safe and legal environment
DotNet - a variety of tools for securing .NET environments.
About OWASP
The Open Web Application Security Project is an open source community project run by Jeff Williams and staffed entirely by volunteer experts from across the world. OWASP has set up a not-for-profit foundation called the OWASP Foundation to oversee OWASP activities, including potential future funding initiatives. Each OWASP project has a project manager, and most have technical leads. There are more than forty registered participants from all around the world helping with projects in varying degrees at any one time. More information can be found at www.owasp.org.
About CLASP
CLASP(TM), Comprehensive Lightweight Application Security Process, is an internationally proven and respected methodology for integrating security into the software development process. Developed and introduced by Secure Software, CLASP is built on seven fundamental best practices that include instituting awareness programs, performing application assessments, capturing security requirements, implementing secure development and workflow practices, building vulnerability remediation procedures, defining and monitoring metrics and publishing guidelines.
About Secure Software
Secure Software, based in McLean, VA, provides services and solutions that enable customers to architect, design and deploy secure enterprise software applications, a rising and critical need. The company is uniquely differentiated by its ability to integrate proven best practices, customer enablement programs and automation tools that find and remediate security flaws for business-critical applications. For more information, visit www.securesoftware.com.
Source: Business Wire