Web Application Security
security standards Nov 05 2012 10:22AM
Svejk It (svejkit gmail com) (2 replies)
RE: security standards Nov 05 2012 02:02PM
Dave Wichers (dave wichers aspectsecurity com)
The Cloud Security Alliance is trying to set de facto standards in this
area with their CSA SECURITY, TRUST & ASSURANCE REGISTRY (STAR) (see:
https://cloudsecurityalliance.org/star/). I looked at their requirements
briefly a while back and it was mostly about the hosting/data center,
and not the app itself, so maybe you could look at their requirements
for everything but AppSec, and then look at OWASP Guidelines like the Top
10, or, for a deeper dive, the ASVS for the web-app-specific details.

-Dave

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Svejk It
Sent: Monday, November 05, 2012 5:22 AM
To: webappsec
Subject: security standards

Hi,
If an organisation is looking to purchase or subscribe to a web
application service, are there any security standards it can request the
supplier to conform to? For example, it may like to have some assurance
that SQL injection is not possible. If so, are these standards widely
adopted?
Or, if there is not a widely adopted standard, is it reasonable to
request that the supplier state that it follows the Best Practice and
Guidelines of OWASP?
Thanks,
Svejk

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------


Re: security standards Nov 05 2012 11:56AM
bl4de (bloorq gmail com) (1 replies)
RE: security standards Nov 05 2012 12:41PM
Ofer Shezaf (ofer shezaf com)


 

Copyright 2010, SecurityFocus