Presentation is loading. Please wait.

Presentation is loading. Please wait.

For Web Application Security Projects.

Published by경림 범 Modified over 6 years ago

Similar presentations

Presentation on theme: "For Web Application Security Projects."— Presentation transcript:

1 For Web Application Security Projects.
OWASP RFP Criteria. For Web Application Security Projects.

2 Table of Contents. 3. Recommended RFP Questions 1. Introduction
2. Recommended Information the Client should provide to Service Providers/Vendors. 3. Recommended RFP Questions

3 1. Introduction

4 Introduction: A Request For Proposal, (RFP) is a call made by an organization soliciting for bids by service providers or vendors to meet a need and it is often done by documents. The information provided in RFPs are important and when you create an RFP for an Application Security Verification project , emphasis should be on providing clear information about the scope of verification activities and evaluation criteria so prospective service providers and vendors can submit proposals that are comparable. References. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents By Ying He, Chris Johnson,Karen Renaud ,Yu Lu and Salem Jebriel. School of Computing Science University of Glasgow,Glasgow, UK URL:

5 2. Recommended Information the Client should provide to Service Providers/Vendors.

6 Provide details about:
Lines of Code Number of Dynamic Pages. An Inventory of user roles and role descriptions. Brief Application Summary and Application Architecture. Degree of Verification Required. The frequency or duration for performing verification. References. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents By Ying He, Chris Johnson,Karen Renaud ,Yu Lu and Salem Jebriel. School of Computing Science University of Glasgow,Glasgow, UK URL:

7 2. Recommended RFP Questions.

8 Number of Dynamic Pages.
Ask Service Providers/Vendors to Provide details on: Lines of Code Number of Dynamic Pages. An Inventory of user roles and role descriptions. Brief Application Summary and Application Architecture. Degree of Verification Required. The frequency or duration for performing verification. References. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents By Ying He, Chris Johnson,Karen Renaud ,Yu Lu and Salem Jebriel. School of Computing Science University of Glasgow,Glasgow, UK URL:

9 Application Security Verification Methodology. Security Coverage.
Ask Service Providers/Vendors to Provide details on: Company Background. Application Security Verification Methodology. Security Coverage. Application Coverage. Risk Evaluation. Differentiators. Scope. Security. References. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents By Ying He, Chris Johnson,Karen Renaud ,Yu Lu and Salem Jebriel. School of Computing Science University of Glasgow,Glasgow, UK URL:

10 Client Support Details. Pricing/Licensing Information.
Ask Service Providers/Vendors to Provide details on: Burden. Reporting Interface. Innovation. Integration. Benefits. Supporting Services. . Client Support Details. Pricing/Licensing Information. References. An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents By Ying He, Chris Johnson,Karen Renaud ,Yu Lu and Salem Jebriel. School of Computing Science University of Glasgow,Glasgow, UK URL:

Download ppt "For Web Application Security Projects."

Similar presentations

Systems Analysis and Design in a Changing World

Systems Analysis and Design in a Changing World
Chapter 8: Evaluating Alternatives for Requirements, Environment, and Implementation.

Chapter 8: Evaluating Alternatives for Requirements, Environment, and Implementation.
Introduction to Integrated Library Systems

Introduction to Integrated Library Systems
Top-Down Network Design Chapter Fourteen Documenting Your Network Design Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Fourteen Documenting Your Network Design Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Government Services How to Respond to a Request for Proposal (RFP) 2006.

Government Services How to Respond to a Request for Proposal (RFP) 2006.
Enterprise Content Management Pre-Proposal Conference for RFP No. ISD2006ECM-SS December 6, 2006 California Administrative Office of the Courts Information.

Enterprise Content Management Pre-Proposal Conference for RFP No. ISD2006ECM-SS December 6, 2006 California Administrative Office of the Courts Information.
© Prentice Hall 2002 10.1 CHAPTER 10 Alternative Approach: Purchasing Systems.

© Prentice Hall CHAPTER 10 Alternative Approach: Purchasing Systems.
IS4799 Information Systems and Cybersecurity Capstone Project

IS4799 Information Systems and Cybersecurity Capstone Project
Project Bidding Procedures Enhancing Data and Presentation Skills for Engineers EDASPE Writing the RFP Training Courses – July 2004.

Project Bidding Procedures Enhancing Data and Presentation Skills for Engineers EDASPE Writing the RFP Training Courses – July 2004.
Final Report Document. Format Title Page Executive Summary Table of Contents Introduction Mission Statement Main PDS items Brief justification of the.

Final Report Document. Format Title Page Executive Summary Table of Contents Introduction Mission Statement Main PDS items Brief justification of the.
Chapter 13: Preparing the System Proposal Instructor: Paul K Chen.

Chapter 13: Preparing the System Proposal Instructor: Paul K Chen.
8 Systems Analysis and Design in a Changing World, Fifth Edition.

8 Systems Analysis and Design in a Changing World, Fifth Edition.
AD description template definition Marián Mlynarovič FIIT Lectures 2006.

AD description template definition Marián Mlynarovič FIIT Lectures 2006.
1 OUTLINE Need of a Proposal (why do we need a proposal?) Definition Types Elements of Winning Business Proposals Criteria for Proposals Writing Process.

1 OUTLINE Need of a Proposal (why do we need a proposal?) Definition Types Elements of Winning Business Proposals Criteria for Proposals Writing Process.
Chapter 3 Project Initiation. The stages of a project  Project concept  Project proposal request  Project proposal  Project green light  Project.

Chapter 3 Project Initiation. The stages of a project  Project concept  Project proposal request  Project proposal  Project green light  Project.
WELCOME TO THE PROCUREMENT SEMINAR Procurement and Contracts An Overview of Contract Administration.

WELCOME TO THE PROCUREMENT SEMINAR Procurement and Contracts An Overview of Contract Administration.
Collaborative Report Writing the Proposal. Definition Proposal: a document written to convince your audience to adopt an idea, a product, or a service.

Collaborative Report Writing the Proposal. Definition Proposal: a document written to convince your audience to adopt an idea, a product, or a service.
Concept Analysis Document Executive Summary Template, (To view template instructions – Save this template to project files, reopen and then select View,

Concept Analysis Document Executive Summary Template, (To view template instructions – Save this template to project files, reopen and then select View,
Typical Software Documents with an emphasis on writing proposals.

Typical Software Documents with an emphasis on writing proposals.
1 Lecture 3.9: RFP, SOW and CDRL (SEF Ch 19) Dr. John MacCarthy UMBC CMSC 615 Fall, 2006.

1 Lecture 3.9: RFP, SOW and CDRL (SEF Ch 19) Dr. John MacCarthy UMBC CMSC 615 Fall, 2006.

Similar presentations

Ads by Google