Commit d50d5ea

feat(next-devs): add "what's Next For Developers" draft
1 parent d1b6560 commit d50d5ea

File tree

3 files changed

+36
-0
lines changed

1.45 KB
Binary file not shown.
7.63 KB
Binary file not shown.

2019/en/src/0xb0-next-devs.md

Lines changed: 36 additions & 0 deletions
@@ -1,2 +1,38 @@
11
What's Next For Developers
22
==========================
3+
4+
The task to create and maintain secure software or fixing existing ones can be
5+
difficult. APIs are no different.
6+
7+
We believe that education and awareness are key factors to write secure
8+
software. Everything else required to accomplish the goal depends on
9+
**establishing and use repeatable security processes and standard security
10+
controls**.
11+
12+
OWASP has numerous free and open resources to address security since the very
13+
project beginning. Please visit the [OWASP Projects page][1] for a comprehensive
14+
list of available projects.
15+
16+
| | |
17+
|-|-|
18+
| **Education** | You can start by [OWASP Education Project materials][2] according to your profession and interest. For hands-on learning, we added **crAPI** - **C**ompletely **R**idiculous **API**, on [our roadmap][3]. Meanwhile, you can practice WebAppSec using the [OWASP NodeJS Goat][4], [OWASP Juice Shop Project][5] or any other of the available goat projects. You can also attend [OWASP AppSec Conference][6] training sessions or [join your local chapter][7]. |
19+
| **Security Requirements** | Security should be part of every project since the beginning. When doing requirements elicitation, it is important to define what secure means for that project. OWASP recommends you use the [OWASP Application Security Verification Standard (ASVS)][8] as a guide for setting the security requirements. If you're outsourcing, consider the [OWASP Secure Software Contract Annex][9], which should be adapted according to local law and regulations. |
20+
| **Security Architecture** | Security should remain a concern during all the project stages. The [OWASP Prevention Cheat Sheets][10] are a good starting point for guidance on how to design security in during the architecture phase. Among many others, you'll find the [REST Security Cheat Sheet][11] and the [REST Assessment Cheat Sheet][12]. |
21+
| **Standard Security Controls** | Adopting Standard Security Controls reduces the risk to introduce security weaknesses while writing your own logic. Despite the fact that many modern frameworks now come with built-in standard effective controls, [OWASP Proactive Controls][13] gives you a good overview of what security controls you should look to include in your project. OWASP also provides some libraries and tools you may find valuable, such as validation controls. |
22+
| **Secure Development Lifecycle** | You can use the [OWASP Software Assurance Maturity Model (SAMM)][14] to improve the process when building APIs. Several other OWASP projects are available to help you during the different API development phases e.g. the [OWASP Code Review Project][15] |
23+
24+
[1]: https://www.owasp.org/index.php/Category:OWASP_Project
25+
[2]: https://www.owasp.org/index.php/OWASP_Education_Material_Categorized
26+
[3]: https://www.owasp.org/index.php/OWASP_API_Security_Project#tab=Road_Map
27+
[4]: https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project
28+
[5]: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
29+
[6]: https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
30+
[7]: https://www.owasp.org/index.php/OWASP_Chapter
31+
[8]: https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
32+
[9]: https://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex
33+
[10]: https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
34+
[11]: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/REST_Security_Cheat_Sheet.md
35+
[12]: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/REST_Assessment_Cheat_Sheet.md
36+
[13]: https://www.owasp.org/index.php/OWASP_Proactive_Controls#tab=OWASP_Proactive_Controls_2018
37+
[14]: https://www.owasp.org/index.php/OWASP_SAMM_Project
38+
[15]: https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
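Review bot: the added prose has several grammar slips worth fixing before this draft lands. "The task to create and maintain secure software or fixing existing ones can be difficult" mixes an infinitive with a gerund; suggest "The task of creating and maintaining secure software, or fixing existing software, can be difficult". "**establishing and use repeatable security processes**" should read "establishing and using". "since the very project beginning" reads better as "since the project's very beginning". In the Standard Security Controls row, "reduces the risk to introduce security weaknesses" should be "reduces the risk of introducing security weaknesses", and "e.g. the [OWASP Code Review Project][15]" in the last row needs a comma after "e.g." and a closing period. Separately, the table opens with an empty header row (`| | |` followed by `|-|-|`), which most Markdown renderers turn into a blank header; either label the columns (for example `| Area | Resources |`) or confirm that the book build accepts headerless tables.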
