Save time, empower your teams and effectively upgrade your processes with access to this practical OWASP Toolkit and guide. Address common challenges with best-practice templates, step-by-step work plans and maturity diagnostics for any OWASP-related project.
Download the Toolkit and in Three Steps you will be guided from idea to implementation results.
The Toolkit contains the following practical and powerful enablers with new and updated OWASP specific requirements:
STEP 1: Get your bearings
- The latest quick edition of the OWASP Self Assessment book in PDF containing 49 requirements to perform a quickscan, get an overview and share with stakeholders.
- Example pre-filled Self-Assessment Excel Dashboard to get familiar with results generation
Then find your goals…
STEP 2: Set concrete goals, tasks, dates and numbers you can track
Featuring 891 new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which OWASP improvements can be made.
Examples; 10 of the 891 standard requirements:
- Do you have written clearance procedures in place regarding use, licensing, and consent agreements for third party content used by you in your products or services and on your website or in your promotional materials?
- Do the client workstations run in kiosk mode (1 generic user logged into machine, many users log into application) or can the application run under the logged in user with any valid user logging into the machine?
- If a web or mobile app is used, has the website been developed in accordance with Hopkins and/or OWASP guidance and is the site actively maintained and updated (see Hopkins web checklist)?
- Are there some requirements for security that are structured as part of general releasability of an application and others that are as needed or custom for a particular release?
- Do all network connections to the Internet, business partners, or other third parties currently use inbound and outbound network filters, and intrusion detection systems?
- What is the desired or required level of assurance (i.e., grounds for confidence) that the selected security controls, as implemented are effective in their application?
- How do you ensure that systems and applications are appropriately and sufficiently isolated and protected against malicious server to server communication?
- If your application or system resides in a Data Center, data is backed up every 24 hours. Do you have any special needs that require more frequent backups?
- What alternatives do the vendors offer for contacting technical support (e.g., e-mail, telephone, online chat, and web-based reporting)?
- Do you use an internal microblogging application at your company and if so do you think it helps with job satisfaction, productivity, etc.?
- The workbook is the latest in-depth complete edition of the OWASP book in PDF containing 891 requirements, which criteria correspond to the criteria in…
Your OWASP self-assessment dashboard gives you a dynamically prioritized, projects-ready tool and shows your organization exactly what to do next:
- The Self-Assessment Excel Dashboard; with the OWASP Self-Assessment and Scorecard you will develop a clear picture of which OWASP areas need attention, which requirements you should focus on and who will be responsible for them:
- Gives you a professional Dashboard to guide and perform a thorough OWASP Self-Assessment
- Is secure: Ensures offline data protection of your Self-Assessment results
- Dynamically prioritized projects-ready RACI Matrix shows your organization exactly what to do next:
STEP 3: Implement, Track, follow up and revise strategy
The outcomes of STEP 2, the self-assessment, are the inputs for STEP 3; start and manage OWASP projects with the 62 implementation resources:
- 62 step-by-step OWASP Project Management Form Templates covering over 6000 OWASP project requirements and success criteria:
Examples; 10 of the check box criteria:
- Planning Process Group: Is the organization showing technical capacity and leadership commitment to keep working with the OWASP project and to repeat it?
- Project Portfolio management: Consider the benefit of the strategic objectives portfolio and its relationship to the OWASP project portfolio. How is this helpful in OWASP project selection?
- Procurement Audit: In open and restricted procedures, did the contracting authority make sure that there is no substantive change to the bid due to this clearing process?
- Stakeholder Management Plan: Are there unnecessary steps that are creating bottlenecks and/or causing people to wait?
- Cost Baseline: VAC (variance at completion): how much over/under budget do you expect to be?
- Schedule Management Plan: Can the duration of subsequent tasks be realistically shortened?
- Team Operating Agreement: What administrative supports will be put in place to support the team and the team's supervisor?
- Team Directory: Have you decided when to celebrate the OWASP project's completion date?
- Planning Process Group: In what ways can the governance of the OWASP project be improved so that it has greater likelihood of achieving future sustainability?
- Quality Audit: How does the organization know that its research funding systems are appropriately effective and constructive in enabling quality research outcomes?
Step-by-step and complete OWASP Project Management Forms and Templates including check box criteria and templates.
1.0 Initiating Process Group:
- 1.1 OWASP project Charter
- 1.2 Stakeholder Register
- 1.3 Stakeholder Analysis Matrix
2.0 Planning Process Group:
- 2.1 OWASP project Management Plan
- 2.2 Scope Management Plan
- 2.3 Requirements Management Plan
- 2.4 Requirements Documentation
- 2.5 Requirements Traceability Matrix
- 2.6 OWASP project Scope Statement
- 2.7 Assumption and Constraint Log
- 2.8 Work Breakdown Structure
- 2.9 WBS Dictionary
- 2.10 Schedule Management Plan
- 2.11 Activity List
- 2.12 Activity Attributes
- 2.13 Milestone List
- 2.14 Network Diagram
- 2.15 Activity Resource Requirements
- 2.16 Resource Breakdown Structure
- 2.17 Activity Duration Estimates
- 2.18 Duration Estimating Worksheet
- 2.19 OWASP project Schedule
- 2.20 Cost Management Plan
- 2.21 Activity Cost Estimates
- 2.22 Cost Estimating Worksheet
- 2.23 Cost Baseline
- 2.24 Quality Management Plan
- 2.25 Quality Metrics
- 2.26 Process Improvement Plan
- 2.27 Responsibility Assignment Matrix
- 2.28 Roles and Responsibilities
- 2.29 Human Resource Management Plan
- 2.30 Communications Management Plan
- 2.31 Risk Management Plan
- 2.32 Risk Register
- 2.33 Probability and Impact Assessment
- 2.34 Probability and Impact Matrix
- 2.35 Risk Data Sheet
- 2.36 Procurement Management Plan
- 2.37 Source Selection Criteria
- 2.38 Stakeholder Management Plan
- 2.39 Change Management Plan
3.0 Executing Process Group:
- 3.1 Team Member Status Report
- 3.2 Change Request
- 3.3 Change Log
- 3.4 Decision Log
- 3.5 Quality Audit
- 3.6 Team Directory
- 3.7 Team Operating Agreement
- 3.8 Team Performance Assessment
- 3.9 Team Member Performance Assessment
- 3.10 Issue Log
4.0 Monitoring and Controlling Process Group:
- 4.1 OWASP project Performance Report
- 4.2 Variance Analysis
- 4.3 Earned Value Status
- 4.4 Risk Audit
- 4.5 Contractor Status Report
- 4.6 Formal Acceptance
5.0 Closing Process Group:
- 5.1 Procurement Audit
- 5.2 Contract Close-Out
- 5.3 OWASP project or Phase Close-Out
- 5.4 Lessons Learned
With this Three Step process and in-depth OWASP Toolkit you will have all the tools you need for any OWASP project.
In using the Toolkit you will be better able to:
- Diagnose OWASP projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices
- Implement evidence-based best practice strategies aligned with overall goals
- Integrate recent advances in OWASP and put process design strategies into practice according to best practice guidelines
This Toolkit empowers people to do just that – whether their title is entrepreneur, manager, consultant, (Vice-)President, CxO etc… – they are the people who rule the future. They are the people who ask the right questions to make OWASP investments work better.
This OWASP All-Inclusive Toolkit enables you to be that person: