WebApp Sec mailing list archives
RE: security standards
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Mon, 5 Nov 2012 12:15:09 -0000
If an organisation is looking to purchase or subscribe to a web application service, are there any security standards it can request the supplier to conform to?
The problem is one of definitions. What you're looking for is a "secure" application, and that is all a matter of context, semantics and personal appetite for risk. It's also a moving target (with new approaches and techniques being introduced regularly), so whilst there are standards around, the act of checking whether an application is compliant only has any meaning at the point it is checked, and to a large part depends on who is doing the checking.

A supplier that understands OWASP is a good place to start. But it won't guarantee it is a secure app; just that it has slightly more chance of it being so. ;)

The adoption standards are here (http://tinyurl.com/ckmvlnc). Not sure what that has to do with web apps though. It's a strange world.

Martin...