Security Basics
protecting web apps for governaments Jun 19 2012 03:23PM
marco cohen (marcocohen2 gmail com) (3 replies)
Re: protecting web apps for governaments Jun 20 2012 04:30AM
Vedantam Sekhar (vedantamsekhar gmail com)
I think every change in the application does not need extensive
pentesting unless the change touches sensitive operations and
can be a target for attackers. But we can probably
incorporate basic app vulnerability scanning as part of your
change management process. At some companies I've seen, the scanning tool
is given as a self-service tool and devs scan their applications on
their own, and we just review it and help them remediate the
vulnerabilities.
OWASP has detailed guidelines for all the things you had asked about.

Hope this helps,

Sekhar

On Tue, Jun 19, 2012 at 8:53 PM, marco cohen <marcocohen2 (at) gmail (dot) com> wrote:
> Hi all
>
> I'm doing consulting for one of the governments in Europe.
>
> The idea is to create a most secure segment in which we will locate
> all the web apps of the gov and to protect them from any attack. We
> will buy equipment like SIEM, HIDS IPS, Firewalls and WAF and
> prevention of DDoS attacks.
> But in addition to this I am working on policies to implement
> hardening of the operating system of those servers.
> I am also considering policies of code review (in this process also
> input validation), and a twice-a-year pentest of all the 200 web sites.
> I am wondering about also doing code review for every change in those
> web apps + pentest 2 times a year + WAF.
>
> ISN'T THAT TOO MUCH FOR PROTECTING THE WEB SERVERS??
>
> Thanks a lot!
>
> marco
RE: protecting web apps for governments Jun 19 2012 05:25PM
Ward, Jon (Jon_Ward SYNTELINC COM)
RE: protecting web apps for governaments Jun 19 2012 04:58PM
Miguel Gracia (mgracia grayhairsoftware com) (4 replies)
RE: protecting web apps for governaments Jun 19 2012 05:59PM
Dan Lynch (DLynch placer ca gov) (2 replies)
Re: protecting web apps for governaments Jun 19 2012 08:49PM
Shane Anglin (shane anglin gmail com) (1 replies)
Re: protecting web apps for governaments Jun 20 2012 12:07AM
CATHRYN OLDS (catholds hotmail com)
Re: protecting web apps for governaments Jun 19 2012 08:17PM
marco cohen (marcocohen2 gmail com)
RE: protecting web apps for governaments Jun 19 2012 05:40PM
Ward, Jon (Jon_Ward SYNTELINC COM)
Re: protecting web apps for governaments Jun 19 2012 05:26PM
Computer Sevice Teeuwen (Roy) (roy csteeuwen nl)
Re: protecting web apps for governaments Jun 19 2012 05:22PM
Rob (synja synfulvisions com) (1 replies)
RE: protecting web apps for governaments Jun 19 2012 05:28PM
Miguel Gracia (mgracia grayhairsoftware com) (1 replies)
Re: protecting web apps for governaments Jun 19 2012 05:48PM
Rob (synja synfulvisions com) (1 replies)
RE: protecting web apps for governaments Jun 19 2012 06:00PM
Miguel Gracia (mgracia grayhairsoftware com)


 
