Final word

This document should be seen as a starting point rather than a comprehensive set of techniques and practices. We want to again emphasize that this document is intended to provide initial awareness around building secure software.

Good next steps to help build an application security program include:

1. To understand some of the risks in web application security please review the OWASP Top Ten .
2. A secure development program should include a comprehensive list of security requirements . Use Threat Modeling to identify potential security threats, derive security requirements, and tailor security controls to prevent those. Use standards such as the OWASP (Web) ASVS and the OWASP (Mobile) MASVS which provides a catalog of available security requirements along wiht the relevant verification criteria.
3. To understand the core building blocks of a secure software program from a more macro point of view please review the OWASP OpenSAMM project.

If you have any questions for the project leadership team, please contact with your questions, comments, and ideas at our GitHub project repository: https://github.com/OWASP/www-project-proactive-controls/issues