WebApp Sec mailing list archives
Re: Web App Sec ROI
From: zeno <bugtraq () cgisecurity net>
Date: Sat, 30 Nov 2002 12:40:16 -0500 (EST)
> In the same light as the Web App Sec Top Ten, does anyone know about any good studies or want to share their thoughts about the ROI of getting Web App Sec right in development? How much does it cost to fix a typical problem like XSS or SQL Injection?
Probably 1 hour max for XSS problems (per hole) and about 1-1.5 hours for fixing SQL-based holes. (I'm giving extra time.) So you figure maybe 50-150 an hour depending on who you're paying. (Obviously people getting paid more are probably able to fix the problem in half, or 1/4th, the time.)
> How much does it cost each company for each incident (I see $16K for a virus incident used often)? How much does it cost to do a secure code review of a web app before release? etc, etc
> -- Mark Curphey <mark () curphey com>