OWASP RFP Criteria.

OWASP RFP Criteria. For Web Application Security Projects. 1. Introduction. Table of Contents. 2. Recommended Information the Client should provide to Service Providers/Vendors. 3. Recommended RFP Questions. 1. Introduction. Introduction:.

samantham

Presentation Transcript


  1. OWASP RFP Criteria. For Web Application Security Projects.

  2. Table of Contents: 1. Introduction. 2. Recommended Information the Client should provide to Service Providers/Vendors. 3. Recommended RFP Questions.

  3. 1. Introduction

  4. Introduction: A Request for Proposal (RFP) is a call made by an organization soliciting bids from service providers or vendors to meet a need, and it is often issued as a set of documents. The information provided in an RFP is important. When you create an RFP for an Application Security Verification project, the emphasis should be on providing clear information about the scope of verification activities and the evaluation criteria, so that prospective service providers and vendors can submit proposals that are comparable.

  5. 2. Recommended Information the Client should provide to Service Providers/Vendors.

  6. Provide details about:
     • Lines of Code.
     • Number of Dynamic Pages.
     • An Inventory of user roles and role descriptions.
     • Brief Application Summary and Application Architecture.
     • Degree of Verification Required.
     • The frequency or duration for performing verification.

  7. 3. Recommended RFP Questions.

  8. Ask Service Providers/Vendors to provide details on:
     • Lines of Code.
     • Number of Dynamic Pages.
     • An Inventory of user roles and role descriptions.
     • Brief Application Summary and Application Architecture.
     • Degree of Verification Required.
     • The frequency or duration for performing verification.

  9. Ask Service Providers/Vendors to provide details on:
     • Company Background.
     • Application Security Verification Methodology.
     • Security Coverage.
     • Application Coverage.
     • Risk Evaluation.
     • Differentiators.
     • Scope.
     • Security.

  10. Ask Service Providers/Vendors to provide details on:
     • Burden.
     • Reporting Interface.
     • Innovation.
     • Integration.
     • Benefits.
     • Supporting Services.
     • Client Support Details.
     • Pricing/Licensing Information.
