Pravir Chandra
OWASP CLASP Project Lead
Principal Consultant -- Cigital, Inc.
chandra@cigital.com
6th OWASP AppSec Conference
Milan - May 2007
Permission is granted to copy, distribute and/or modify this document under the
terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this
license, visit http://creativecommons.org/licenses/by-sa/2.5/
1. Architect
2. Designer
3. Implementer
4. Project Manager
5. Requirements Specifier
6. Security Auditor
7. Test Analyst
Think
Philosophy of software security
Best Practices to guide decisions
Key decision points that affect logistics
Plan
Competencies and maturity levels
Sample, goal-based roadmaps
Do
Activity definitions and details
Role definitions and supporting information
Mission
Reinforce application security through prescriptive
guidance that enables iterative improvement to any
development model.
Tactical Goals
1. Getting a draft of CLASP 2007 out for review
2. Updating the OWASP Wiki with the latest information and downloads
3. Beefing up CLASP materials with more practical advice/suggestions
Get involved