Security Basics mailing list archives

protecting web apps for governments


From: marco cohen <marcocohen2 () gmail com>
Date: Tue, 19 Jun 2012 12:23:20 -0300

Hi all

I'm doing consulting for one of the governments in Europe.

The idea is to create a most secure segment in which we will locate
all the web apps of the gov and to protect them from any attack. We
will buy equipment like SIEM, HIDS, IPS, Firewalls and WAF and
prevention of DDoS attacks.
But in addition to this I am working on policies to implement
hardening of the operating system of those servers.
I am also considering policies of code review (in this process also
input validation), and a twice-a-year pentest of all the 200 web sites.
I am wondering if also doing code review for every change in those
web apps + pentest 2 times a year + WAF.

ISN'T THAT TOO MUCH FOR PROTECTING THE WEB SERVERS??

Thanks a lot!

marco
