[WEB SECURITY] Security in requirement gathering phase

AMER SALEEM saleem_amer at hotmail.com
Mon May 31 02:47:26 EDT 2010

Dear Dave - Yes, it's the right approach to identify all security concerns upfront as much as possible and plan how to mitigate them using a threat modeling approach.

I would recommend that you use the CLASP project methodology proposed by OWASP. The URL is www.owasp.org



Amer Saleem




Date: Sun, 30 May 2010 20:39:22 +0530
From: daveyrr at gmail.com
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Security in requirement gathering phase

I want to implement secure SDLC for applications developed in my organization.
For the requirement gathering phase, I plan to make an exhaustive list of application security controls for various categories like Authentication, Session Management, Auditing and Logging, etc., and ask my application team to accept/reject them based on requirement, with suitable comments. This can be further used during the design phase to make sure all the necessary controls identified as a part of the requirements are covered.
I plan to follow this up with a threat modeling activity during the design phase.
Will this be sufficient? Could someone suggest a better approach for the requirement gathering and design phases?