WebApp Sec mailing list archives
Re: Software security specifications
From: "i.matilde () gmail com" <i.matilde () gmail com>
Date: Tue, 22 Feb 2005 16:53:10 +0100
The objective of the policy is to give a list of general security considerations while designing the software. It could make a distinction between web and client/server applications. There will be lower level documents that will go into specific technology implementations like .NET or J2EE, pointing to security best practices released by the vendors. There will also be a section regarding architecture specific considerations. One example is user profiling for web applications: we are currently designing a centralized directory service, and the policy will recommend that, where possible, for user profiling you must use this system... It will also give some advice on stuff like data design; an example is separating the data that is used just by the application from the actual data that is sensitive and requires a higher level of protection.

Thanks
Shawn

On Mon, 21 Feb 2005 23:04:38 -0800 (PST), udayan pathak <udayan_pathak () yahoo com> wrote:
Hi Shawn,

Could you be a bit more specific about your question? The applications being developed, are they big enough to involve concepts of Enterprise architecture? The policy you are trying to develop, is that a high level policy or a more hands-on lower level policy specific to the application?

Udayan

--- "i.matilde () gmail com" <i.matilde () gmail com> wrote:

I need to develop a policy that will list security requirements for new applications developed internally or by contractors, general specifications like validate input etc. I am looking for some good resources on the subject. Any recommendations?

Best Regards,
Shawn