
[WEB SECURITY] "Enterprise Web Application Security Program"... baby steps





Hello Web Sec readers... I believe it was Arian that nailed it a while back when they argued that web application security programs are poorly defined.  While I couldn't agree more, I looked for some resources to aid the average practitioner, and lo and behold there are virtually none.  There is much development to be done in this direction...

With that in mind, I decided to write a series of blog posts dedicated to helping folks build a security program, start to finish with some clear definition of components.  I hope you enjoy the series, and maybe even bookmark it for future reference.  I know the response I got last time I posted here was overwhelming... so hopefully you great readers and thinkers will continue to flood my inbox and comments section with ideas, thoughts, and commentary on the work being done.  I hope to turn this into a paper, and do some extensive enterprise testing on this process... but for now it's a blog post that details some of the foundational elements behind an enterprise web application security program.

Enjoy!

Following the White Rabbit
  http://www.communities.hp.com/securitysoftware/blogs/rafal/



 Rafal (Ralph) M. Los
Security & IT Risk Strategist
 - Blog:    http://preachsecurity.blogspot.com
 - LinkedIn: http://www.linkedin.com/in/rmlos







Brought to you by http://www.webappsec.org