|
|
Security Basics
protecting web apps for governaments Jun 19 2012 03:23PM marco cohen (marcocohen2 gmail com) (3 replies) Re: protecting web apps for governaments Jun 20 2012 04:30AM Vedantam Sekhar (vedantamsekhar gmail com) RE: protecting web apps for governaments Jun 19 2012 04:58PM Miguel Gracia (mgracia grayhairsoftware com) (4 replies) RE: protecting web apps for governaments Jun 19 2012 05:59PM Dan Lynch (DLynch placer ca gov) (2 replies) Re: protecting web apps for governaments Jun 19 2012 08:49PM Shane Anglin (shane anglin gmail com) (1 replies) Re: protecting web apps for governaments Jun 19 2012 05:26PM Computer Sevice Teeuwen \(Roy\) (roy csteeuwen nl) Re: protecting web apps for governaments Jun 19 2012 05:22PM Rob (synja synfulvisions com) (1 replies) RE: protecting web apps for governaments Jun 19 2012 05:28PM Miguel Gracia (mgracia grayhairsoftware com) (1 replies) Re: protecting web apps for governaments Jun 19 2012 05:48PM Rob (synja synfulvisions com) (1 replies) RE: protecting web apps for governaments Jun 19 2012 06:00PM Miguel Gracia (mgracia grayhairsoftware com) |
|
Privacy Statement |
from your answers I understand that its not an overkill implementing
all the what im thinking of. I just need to put it down to procedures
right away.
if someone have some procedures about heardening, code review and waf
implenetation I will be happy if you send it to me :-)
thanks
marco
2012/6/19 Dan Lynch <DLynch (at) placer.ca (dot) gov [email concealed]>:
>> From: Miguel Gracia
>> Sent: Tuesday, June 19, 2012 9:58 AM
>> To: marco cohen; security-basics (at) securityfocus (dot) com [email concealed]
>> Subject: RE: protecting web apps for governaments
>>
>> There is no such thing as too much protection. If the company
>> feels comfortable with this and thus requests nothing less,
>> then it is worth having. From a technical standpoint, it may
>> be overkill but it may be a requirement depending on audits
>> done on the company and/or web apps.
>
>
> Protecting $100 worth of data with $101 worth of mitigation is too much protection. Any security measures you implement MUST be justified by the value of the data, and the cost of loss and recovery.
>
> Granted, this is difficult in a government environment, where you can't calculate losses in terms of sales and revenue. You end up with management and elected officals calculating the cost against the near-infinite value of their careers, reputations, and egos.
>
> Good luck.
>
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer
> Auburn, CA
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]