
OWASP RFP Criteria.

This document presents the recommended information and questions for creating a Request for Proposal (RFP) for web application security projects. It outlines what clients should provide to service providers/vendors and suggests key RFP questions to ensure a thorough evaluation process. Including details on lines of code, user roles, verification requirements, and more will help in selecting the most suitable service provider. Asking about company background, security methodology, risk evaluation, and pricing ensures a comprehensive review of potential vendors.

samantham


Presentation Transcript


  1. OWASP RFP Criteria. For Web Application Security Projects.

  2. Table of Contents.
     1. Introduction
     2. Recommended Information the Client should provide to Service Providers/Vendors.
     3. Recommended RFP Questions

  3. 1. Introduction

  4. Introduction: A Request For Proposal (RFP) is a call made by an organization soliciting bids from service providers or vendors to meet a need; it usually takes the form of a written document. The information provided in an RFP is important. When you create an RFP for an Application Security Verification project, emphasis should be on providing clear information about the scope of verification activities and the evaluation criteria, so that prospective service providers and vendors can submit proposals that are comparable.

  5. 2. Recommended Information the Client should provide to Service Providers/Vendors.

  6. Provide details about:
     • Lines of Code.
     • Number of Dynamic Pages.
     • An Inventory of user roles and role descriptions.
     • Brief Application Summary and Application Architecture.
     • Degree of Verification Required.
     • The frequency or duration for performing verification.

  7. 3. Recommended RFP Questions.

  8. Ask Service Providers/Vendors to Provide details on:
     • Lines of Code.
     • Number of Dynamic Pages.
     • An Inventory of user roles and role descriptions.
     • Brief Application Summary and Application Architecture.
     • Degree of Verification Required.
     • The frequency or duration for performing verification.

  9. Ask Service Providers/Vendors to Provide details on:
     • Company Background.
     • Application Security Verification Methodology.
     • Security Coverage.
     • Application Coverage.
     • Risk Evaluation.
     • Differentiators.
     • Scope.
     • Security.

  10. Ask Service Providers/Vendors to Provide details on:
     • Burden.
     • Reporting Interface.
     • Innovation.
     • Integration.
     • Benefits.
     • Supporting Services.
     • Client Support Details.
     • Pricing/Licensing Information.
