[WEB SECURITY] Suggestions for Web Application Security Roadmap?
- From: "Joe White" <joe@xxxxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Suggestions for Web Application Security Roadmap?
- Date: Sun, 20 Jan 2008 13:51:28 -0800
I am in the process of putting together a Web Application Security
Roadmap for a company and was hoping to get some feedback on any
similar work or resources available from the group.

The roadmap would ideally include approximate time lines for key
milestones and would also offer a heads-up on future CapEx and other
budget needs.

My current thoughts are to include as key cornerstones of the roadmap
the following:

1) static source code analysis
2) Web App Firewall
3) web app security scanning
4) secure code review
5) web app incident response
6) Enterprise Key Management (EKM)

I think the trick may be to offer the above in a chronological
framework and also offer some priorities for each.

Once completed, I am happy to share what I end up with here but I
would rather not re-invent the wheel if this has already been done.

As always, comments are both welcome and appreciated.

Thanks,
joe