We're close to adapting #owasp 's Application Security Verification (#asvs) as our secure engineering principles.
https://owasp.org/www-project-application-security-verification-standard/
#owasp #asvs #secureengineeringprinciples
Our in-company dms used to be just that. An in-company dms. But now it falls under the authority of #iso27002 and I was asked to write secure engineering principles for it. I was happy to find out that the #owasp #asvs offers very good handles for it. But if I decided to make up some myself, I believe it would also have been accepted. #infosec #webapplication
#webapplication #infosec #asvs #owasp #ISO27002
Training developers in writing secure code is not easy. What do you think of the Security Knowledge Framework?
https://www.securityknowledgeframework.org
SKF is a fully open-source Python-Flask web-application that uses the OWASP Application Security Verification Standard to train you and your team in writing secure code, by design.