Thursday, June 26, 2008

OWASP Application Security Desk Reference Project

OWASP (The Open Web Application Security Project) is working on OWASP Application Security Desk Reference Project that produced a helpful basic reference material when performing such activities as threat modeling, security architecture review, security testing, code review, and metrics. It will be launched in August 1 2008 (only one month and few days from now).

You can download the draft (965 pages, in PDF format) at their wiki site, or you can download them per section (there are a lot of them) that suits your interests.

Here's the table of content:
  • Section 1: ASDR TOC Principles
  • Section 2: ASDR TOC Threat Agents
  • Section 3: ASDR TOC Attacks
  • Section 4: ASDR TOC Vulnerabilities
  • Section 5: ASDR TOC Control
  • Section 6: ASDR TOC Technical Impacts
  • Section 7: ASDR TOC Business Impacts