3. Requirements
Security requirements also provide a foundation of vetted security functionality for an application. Instead of creating a custom approach to security for every application, standard security requirements allow developers to reuse the definition of security controls and best practices; those same vetted security requirements provide solutions for security issues that have occurred in the past.
The importance of understanding key security requirements is described in the Security Requirements practice that is part of the Design business function section within the OWASP SAMM model. Ideally, structured software security requirements are available within a security requirements framework, and these are utilized by both developer teams and product teams. In addition, suppliers to the organization must meet security requirements; build security into supplier agreements in order to ensure compliance with organizational security requirements.
In summary, security requirements exist to prevent the repetition of past security failures.
Sections:
3.1 Requirements in practice
3.2 Risk profile
3.3 OpenCRE
3.4 SecurityRAT
3.5 Application Security Verification Standard
3.6 Mobile Application Security
3.7 Security Knowledge Framework
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.