This document should be seen as a starting point rather than a comprehensive set of techniques and practices. We want to again emphasize that this document is intended to provide initial awareness around building secure software.
Good next steps to help build an application security program include:
- To understand some of the risks in web application security please review the OWASP Top Ten and the OWASP Mobile Top Ten.
- Per Proactive Control #1, a secure development program should include a comprehensive list of security requirements based on a standard such as the OWASP (Web) ASVS and the OWASP (Mobile) MASVS.
- To understand the core building blocks of a secure software program from a more macro point of view please review the OWASP OpenSAMM project.
If you have any questions for the project leadership team, please contact with your questions, comments, and ideas at our GitHub project repository: https://github.com/OWASP/www-project-proactive-controls/issues