Re: Web App Sec ROI

[zeno <bugtraq () cgisecurity net>]

> In the same light as the Web App Sec Top Ten, does anyone know about any
> good studies or want to share their thoughts about the ROI of getting
> Web App Sec right in development ?
>
> How much does it cost to fix a typical problem like XSS or SQL Injection
> ?


Probably 1 hour max for xss problems (per hole) and about 1-1.5 hours for fixing
sql based holes. (I'm giving extra time). So you figure maybe 50-150 a hour depending on who
your payin. (obviously people getting paid more are probably able to fix the problem is half, or 1/4th
the time).

 

> How much does it cost each company for each incident (I see $16K for a
> virus incident used often)?
>
> How much does it cost to do a secure code review of a web app before
> release ?
>
>
> etc, etc
>
>
> -- 
> Mark Curphey <mark () curphey com>