Web application security - the fast guide 1.1 | Page 181
Chapter 9 - Secure Application Development
| CLASP Best Practices | CLASP Activities | Related Project Roles |
|---|---|---|
| 1. Institute awareness programs | Institute security awareness program | Project manager |
| 2. Perform application assessments | Perform security analysis of system requirements and design (threat modeling) | Owner: security auditor; Key contributor: implementer, designer |
| | Perform source-level security review | Security auditor |
| | Identify, implement, and perform security tests | Test analyst |
| | Verify security attributes of resources | Tester |
| | Research and assess security posture of technology solutions | Owner: designer; Key contributor: component vendor |
| 3. Capture security requirements | Identify global security policy | Requirements specifier |
| | Identify resources and trust boundaries | Owner: architect; Key contributor: requirements specifier |
| | Identify user roles and resource capabilities | Owner: architect; Key contributor: requirements specifier |
| | Specify operational environment | Owner: requirements specifier; Key contributor: architect |
| | Detail misuse cases | Owner: requirements specifier; Key contributor: stakeholder |
| | Identify attack surface | Designer |
| | Document security-relevant requirements | Owner: requirements specifier; Key contributor: architect |
| 4. Implement secure development practices | Apply security principles to design | Designer |
| | Annotate class designs with security properties | Designer |
| | Implement and elaborate resource policies and security technologies | Implementer |
| | Implement interface contracts | Implementer |