OWASP CLASP V1.2: Integrating a security approach into software development
CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle whenever possible.
CLASP is actually a set of process pieces that can be integrated into any software development process. It is designed to be both easy to adopt and effective. It takes a prescriptive approach, documenting activities that organizations should be doing, and it provides an extensive wealth of security resources that make implementing those activities reasonable.
CLASP is divided into 7 chapters.
1. Concepts View
2. Role-Based View
3. Activity-Assessment View
4. Activity-Implementation View
5. Vulnerabilities View
6. Vulnerability Use-Cases
7. CLASP Resources
Hint!
Chapter 7 enumerates security standards that developers should follow during the implementation process.
These standards could be used for auditing source code (in any language).