CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible.
CLASP is a set of process pieces that can be integrated into any software development process. It is designed to be both easy to adopt and effective. It takes a prescriptive approach, documenting the activities that organizations should be doing, and it provides an extensive wealth of security resources that make implementing those activities reasonable.
The goals of the OWASP CLASP Project are to make these materials widely available as well as provide a forum for the community to contribute materials back to CLASP for the benefit of everyone. If you use CLASP now, have questions, or just have something else you’d like to share, give us a shout on the mailing list and let us know!
CLASP provides detailed information on the following topics:
- Introduction to the Concepts behind CLASP to get started
- Seven key Best Practices that define CLASP
- Summaries of the high-level Security Services that serve as a foundation
- Some core Security Principles for software development
- Abstract Roles that are typically involved in software development
- A collection of Activities to augment the development process to build more secure software
- Advice on CLASP Process Engineering and Roadmaps
- Checklisted Coding Guidelines to help developers and auditors when reviewing code
- The lexicon of Vulnerabilities that occur in source code
- A Glossary of terms and phrases common to application security
- NEW – A Searchable Vulnerability Checklist in XLS for the CLASP Vulnerability lexicon