Newcomer II

What do you think of the Open Web Application Security Project (OWASP)?

Do you think it is a good start/reference or is there something better suited that has a focus on web application security?

https://owasp.org/

Accepted Solutions
Advocate II

Re: What do you think of the Open Web Application Security Project (OWASP)?


@solhuebner wrote:

Do you think it is a good start/reference or is there something better suited that has a focus on web application security?

https://owasp.org/


Sascha,

OWASP has a long, well-established record of strong technologists addressing web application security. That is definitely the best place to start learning about the topic. However, in order to really understand the world that the CSSLP covers, I recommend you also incorporate work from the Building Security In Maturity Model (BSIMM) effort, which allows you to think in terms of the complete System Life Cycle (SLC) as described by INCOSE in both the Systems Engineering Body of Knowledge and the Systems Engineering Handbook.

It is important to address the full SLC as differentiated from the Software Development Life Cycle (SDLC) because too many programmers (coders) think the SDLC starts when someone else gives them the system requirements and ends with delivery of the code to meet those requirements. The complete SLC starts with the process to develop those requirements and continues through the operations, maintenance, and retirement stages of the system's life. Especially in the world of security, paying attention to security at retirement (e.g. disposal, destruction, data preservation, etc.) is a crucial part of our jobs.

Good luck, and congratulations on deciding to dive into a most important part of our profession.

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/