OWASP Application Security Assessment Standards Project/Roadmap

[Diagram: high-level view of the Application Security Process, from initial assessment to final mitigation and review.]
 * Define the Application Security Assessment procedure as part of a Vulnerability Management procedure. Every step of the Application Security Assessment process should produce outputs on the vulnerabilities and risks of the application.
 * Define how to prioritize web application vulnerabilities using CWE mapping and scoring systems such as CWSS (referring to the OWASP Top 10).
 * Define an Application Security Assessment process that is threat/vulnerability centric and contains at least the following milestones:
   * Use OWASP ASVS to define the AS-IS state of the application validation process using the following techniques:
     * Maturity Model (referring to the OWASP SAMM Project)
     * Attack Surface of the Application (referring to the OWASP Code Review Project)
     * Threat Modeling of the Application (referring to the OWASP Code Review Project)
     * WAPT/Code Review/VA (referring to the OWASP Testing and Code Review Projects)
   * Use OWASP ASVS to define the TO-BE state of the application validation process.
   * For each level definable as TO-BE of the application validation process, define how to implement:
     * Processes:
       * SSDLC (referring to the OWASP Development Guide)
       * Code Review (referring to the OWASP Code Review Project and OWASP SAMM)
       * WAPT (referring to the OWASP Testing Guide and OWASP SAMM)
     * Technical Projects:
       * OWASP ESAPI
       * OWASP AppSensor
 * Practical Examples
   * Demo on how to implement ESAPI/AppSensor in a production project
   * Tips on how to implement an Application Security Assessment Process in a production environment