OWASP SASE Security

The OWASP SASE Security Assessment Framework will be an open, vendor-neutral methodology for evaluating the security, configuration, and operational resilience of Secure Access Service Edge (SASE) implementations. Its purpose is to give security teams, auditors, and independent testers a repeatable, practical, and threat-informed approach to validating SASE deployments - regardless of vendor or architecture.

The framework will:

  • Define assessment domains covering all SASE components (SWG, CASB, ZTNA, FWaaS, SD-WAN, etc.).
  • Map controls to Zero Trust principles, regulatory expectations, and threat scenarios.
  • Provide testing procedures, configuration validation steps, and adversary emulation techniques.
  • Offer reporting templates to support consistent communication of findings.

By combining control verification, configuration assurance, and simulated attack testing, the project will give organisations a trusted, community-driven standard to improve security and reduce risk in SASE-based architectures.

Road Map

Quarter 1 – Project Initiation & Scoping

  • Finalise project charter, objectives, and governance model.
  • Conduct stakeholder interviews (security practitioners, auditors, vendors, and regulators) to refine scope.
  • Establish GitHub repository, project wiki, and initial communication channels (Slack, mailing list).

Quarter 2 – Framework Design & Domain Definition

  • Define assessment domains covering all SASE components (SWG, CASB, ZTNA, FWaaS, SD-WAN, etc.).
  • Map domains to Zero Trust principles, common threats, and regulatory/compliance drivers.
  • Draft initial control catalogue and testing approach.

Quarter 3 – Draft Methodology & Community Review

  • Develop detailed testing procedures, configuration validation steps, and adversary simulation guidance.
  • Publish v0.1 Draft Framework for community feedback.
  • Host at least two virtual workshops to gather contributions and peer review.

Quarter 4 – Refinement & First Public Release

  • Incorporate feedback and finalise v1.0 of the OWASP SASE Security Assessment Framework.
  • Release reporting templates, scoring models, and reference implementation examples.
  • Present project outcomes at an OWASP event or webinar to promote adoption and recruit ongoing contributors.

End-of-Year Goal: Deliver a usable, vendor-neutral framework with clear documentation, public access, and an active contributor community.

