Category:Activity

This category should be used to mark articles about application security activities.

What is an application security activity?
Application security activities are key practices that are performed during the software development lifecycle in order to reduce risk or increase assurance in an application. Note that these are just independent steps, and that they may be integrated into a number of different software development approaches.

Given that these activities must support many different development lifecycles, they should not be too tightly coupled. To the extent possible, they should be written to augment common software development practices. Differences in applying the activity in different lifecycles should be noted.

Examples of application security activities
For an overview, please see the OWASP CLASP Project, which is focused on developing and enhancing application security activities.

Each article about an activity should document the following:
 * the name of the activity
 * the goal or expected outcome of the activity
 * when in the overall software development lifecycle the activity is typically performed
 * dependencies with other activities
 * the inputs required to perform the activity
 * the deliverables from the activity
 * the skills and tools necessary to perform the activity
 * the set of steps that comprise the activity
 * notes on applying the activity in common software development processes

The OWASP CLASP Project is focused on developing and enhancing these activities. Check there to look for tasks or see if your idea is already part of our plan.