Security Basics mailing list archives
RE: protecting web apps for governaments
From: "Ward, Jon" <Jon_Ward () SYNTELINC COM>
Date: Tue, 19 Jun 2012 13:40:09 -0400
On the other side of the same token, we can spend resources on security ad infinitum, but how much is enough? The question to ask is whether the cost for protection will outweigh the potential loss. An adequate risk analysis will provide this balance point so we can know how much expense for protection is appropriate. In the private sector, this figure can help an organization provide a service without over-spending on protection. In business it's about the bottom line. In the government sector (or when dealing with legal requirements), this figure will help an organization determine when to stop offering the service.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Miguel Gracia
Sent: Tuesday, June 19, 2012 11:58 AM
To: marco cohen; security-basics () securityfocus com
Subject: RE: protecting web apps for governaments

There is no such thing as too much protection. If the company feels comfortable with this and thus requests nothing less, then it is worth having. From a technical standpoint, it may be overkill but it may be a requirement depending on audits done on the company and/or web apps.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of marco cohen
Sent: Tuesday, June 19, 2012 11:23 AM
To: security-basics () securityfocus com
Subject: protecting web apps for governaments

Hi all,

I'm doing consulting for one of the governments in Europe. The idea is to create a most secure segment in which we will locate all the web apps of the gov and to protect them from any attack. We will buy equipment like SIEM, HIDS IPS, firewalls and WAF, and prevention of DDoS attacks. But additionally to this I am working on policies to implement hardening of the operating system of those servers. I am also considering policies of code review (in this process also input validation), and a twice-a-year pentest of all the 200 web sites.

I am wondering about also doing code review for every change in those web apps + pentest 2 times a year + WAF. ISN'T THAT TOO MUCH FOR PROTECTING THE WEB SERVERS??

Thanks a lot!
marco