Re: [WEB SECURITY] Suggestions for Web Application Security Roadmap?

[Justin Clarke <connectjunkie@xxxxxxxxx>]

You might want to also include some form of risk assessment process in  
order to determine what of the cornerstones are relevant to each  
application, and to figure out relative priorities for deploying the  
security roadmap.

Thanks

Justin

On 20 Jan 2008, at 21:51, Joe White wrote:

> I am in the process of putting together a Web Application Security
> Roadmap for a company and was hoping to get some feedback on any
> similar work or resources available from the group.
>
> The roadmap would ideally include approximate time lines for key
> milestones and would also offer a heads-up on future CapEx and other
> budget needs.
>
> My current thoughts are to include as key cornerstones of the roadmap
> the following:
>
> 1)  static source code analysis
> 2)  Web App Firewall
> 3)  web app security scanning
> 4)  secure code review
> 5)  web app incident response
> 6)  Enterprise Key Management (EKM)
>
> I think the trick may be to offer the above in a chronological
> framework and also offer some priorities for each.
>
> Once completed, I am happy to share what I end up with here but I
> would rather not re-invent the wheel if this has already been done.
>
> As always, comments are both welcome and appreciated.
>
> Thanks,
>
> joe
>
> <<<>>>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]