RE: [WEB SECURITY] Suggestions for Web Application Security Roadmap?
- From: "Boaz Shunami" <BoazS@xxxxxxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Suggestions for Web Application Security Roadmap?
- Date: Mon, 21 Jan 2008 18:30:01 +0200
Hi Joe,
You may want to read some resources regarding Secured Development
Lifecycle.
It's generic and can be applied to all development environments.
I have also seen that you didn't add anything regarding secured design
review or threat modeling, which are essential parts of any secured
development process.
Best Regards,
Boaz Shunami
Comsec Consulting
-----Original Message-----
From: feedyourhead@xxxxxxxxx [mailto:feedyourhead@xxxxxxxxx] On Behalf
Of Joe White
Sent: Sunday, January 20, 2008 11:51 PM
To: WASC Forum
Subject: [WEB SECURITY] Suggestions for Web Application Security Roadmap?
I am in the process of putting together a Web Application Security
Roadmap for a company and was hoping to get some feedback on any
similar work or resources available from the group.
The roadmap would ideally include approximate time lines for key
milestones and would also offer a heads-up on future CapEx and other
budget needs.
My current thoughts are to include as key cornerstones of the roadmap
the following:
1) static source code analysis
2) Web App Firewall
3) web app security scanning
4) secure code review
5) web app incident response
6) Enterprise Key Management (EKM)
I think the trick may be to offer the above in a chronological
framework and also offer some priorities for each.
Once completed, I am happy to share what I end up with here but I
would rather not re-invent the wheel if this has already been done.
As always, comments are both welcome and appreciated.
Thanks,
joe
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org