Sunday, July 31, 2011

OWASP Top 10 Quiz

We had recently developed a quiz to help an organization test their developer's knowledge of OWASP top 10. I thought it would be a good idea to make it public and let other organization use it for their development teams as well. This is a very basic quiz but I do plan to add different levels and more questions to it and bring randomness in the questions as well.

I would greatly appreciate any feedback or suggestions that others may have.

Wednesday, April 13, 2011

OWASP threat modeling project

We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies. During the OWASP portugal summit I had a very meaningful and positive discussion on this topic and got support from a lot of people in the community. You can find out the results of the discussion at the OWASP Threat Modeling project page

If you would like to join the project, please join the mailing list at

Here are some of the topics to be taken up in the first meeting (most probably to be scheduled for next week)
  1. High level project roadmap with milestones.
  2. Call for participants
  3. Review existing resources within OWASP to align with threat modeling project.
  4. Come up with a threat modeling methodology
  5. Publish the first draft