In 2010, OWASP-Turkey published a check list for web application security that provides various security controls for web application developers and system administrators.

A second version of the check list was planned. I have been involved in the project, and over the past 6 months we have worked on the new check list, structuring and enhancing the document. Today we announced the new check list and published it in Excel and PDF formats.

Compared to the first version, the new security check list contains the following enhancements:

  • More security controls have been added. The new check list now contains 62 security controls.
  • The categorization is now based on OWASP Testing Guide categories.
  • Each security control is assigned to a verification requirement of OWASP ASVS (Application Security Verification Standard Project).
  • The document has been published in PDF as well as in Excel format. The Excel format provides tool functionality and shows implemented and unimplemented security controls in graphical representations.
  • Each security control has a status flag (Yes, No, Out-of-Scope) which is explicitly managed within the Excel tool.
  • A Turkish-English terminology of security terms has been added to the document.

Now, our next step is translation into English. I believe the document would be very helpful for anyone (e.g. developer, auditor, security architect, IT architect, system administrator, database administrator, etc.) focusing on security aspects during development and operations of web applications.

You can download the documents from the Publications section as well.