Wednesday, September 4, 2013

OWASP Framework Security Project

The most effective way to bring security capabilities to developers is to have them built into the framework.

With the above goal I've started the OWASP Framework Security Project.

Get Involved
Please join the mailing list or jump in and start contributing to the wiki

What is the OWASP Framework Security Project?
The OWASP Framework Security Project focuses on understanding missing security controls within popular frameworks, and coordinating with developers and the framework leaders to effectively integrate the missing security controls.  This project requires the collaboration between security experts, security minded developers, and framework developers and leaders.  The primary deliverable of this project is source code that is accepted into frameworks.  The OWASP Framework Security Project will maintain documentation to indicate with security controls have been accepted, and links to code and documentation at each framework.

  • Framework Developers - We need your help to build the security controls that will get accepted upstream into the framework. You have the best knowledge on development practices, code style, and knowledge of the framework to get new code accepted.
  • Security Professionals - We need you to help research and catalog available security controls in various frameworks. Our goal is to produce and clear matrix of available and missing security controls by framework.
  • Framework Leaders - Do you lead a key portion of a framework? Let's work together to understand the best way to get new security controls added.

-Michael Coates - @_mwc