Web Application Security
security standards Nov 05 2012 10:22AM
Svejk It (svejkit gmail com) (2 replies)
RE: security standards Nov 05 2012 02:02PM
Dave Wichers (dave wichers aspectsecurity com)
Re: security standards Nov 05 2012 11:56AM
bl4de (bloorq gmail com) (1 replies)
RE: security standards Nov 05 2012 12:41PM
Ofer Shezaf (ofer shezaf com)
If your web application service includes a web application firewall (WAF) technology, I would urge you to look at WAFEC, the Web Application Firewall Evaluation Criteria (http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria), a community standard for defining requirements for a WAF.

~ Ofer

Ofer Shezaf
[+972-54-4431119; ofer (at) shezaf (dot) com [email concealed], www.shezaf.com]

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of bl4de
Sent: Monday, November 05, 2012 1:57 PM
To: webappsec (at) securityfocus (dot) com [email concealed]
Subject: Re: security standards

Hi

Take a look at OWASP ASVS
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

greetings,

On 05.11.2012 at 11:22, Svejk It <svejkit (at) gmail (dot) com [email concealed]> wrote:

> Hi,
> If an organisation is looking to purchase or subscribe to a web
> application service, are there any security standards it can request
> the supplier to conform to? For example, it may like to have some
> assurance that SQL injection is not possible. If so, are these
> standards widely adopted?
> Or, if there is not a widely adopted standard, is it reasonable to
> request that the supplier state that it follows the Best Practice and
> Guidelines of OWASP?
> Thanks,
> Svejk
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

--

------------------------------------------------------------------------
---------------------------
GTalk: bloorq (at) gmail (dot) com [email concealed] | MSN: blade (at) windowslive (dot) com [email concealed] | GG(Poland only):
10863014 | Twitter: @_bl4de
------------------------------------------------------------------------
---------------------------
$.WEB('#bl4de_skills').append( '<div class="technologies"> PHP5 | MySQL | HTML.CSS.JS </div>' );

$_codin = Array( 'PHP' => 'excellent', 'Java' => 'good', 'C/C++' => 'good', 'Perl' => 'basic');

WebAppsSecurity bl4de = new WebAppsSecurity(); bl4de.secureYourWebApp(true);

------------------------------------------------------------------------
---------------------------
workshop: DebianSid.GnomeShell | NetBeans IDE | Opera.Firefox.Chrome

"The quieter you become the more you are able to hear..."
------------------------------------------------------------------------
---------------------------
http://pl.linkedin.com/pub/rafa%C5%82-janicki/45/350/3ba
https://bitbucket.org/bl4de/

BC Lions - The Pride of all BC - http://www.bclions.com

Copyright 2010, SecurityFocus