Policy Only
Security requirements can be found on checklists handed to developers or company wiki.
It’s the starting point to assist developers with security revised checklists.
It’s also helpful during procurement to request a given list of requirements to be fulfilled.
Resources
- Generates GPT-4 security checklists. While they’re not validated out-of-the-box, it’s a great resource to get a checklist for any technology and start writing on top
- OWASP Application Security Verification Standard (ASVS) contains general requirements for applications