WebApp Sec mailing list archives
RE: security standards
From: "Ofer Shezaf" <ofer () shezaf com>
Date: Mon, 5 Nov 2012 14:41:21 +0200
If your web application service includes a web application firewall (WAF) technology, I would urge you to look at WAFEC, the Web Application Firewall Evaluation Criteria (http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria), a community standard for defining requirements for a WAF.

~ Ofer

Ofer Shezaf
[+972-54-4431119; ofer () shezaf com, www.shezaf.com]

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of bl4de
Sent: Monday, November 05, 2012 1:57 PM
To: webappsec () securityfocus com
Subject: Re: security standards

Hi

Take a look at OWASP ASVS
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

greetings,

On 05.11.2012 at 11:22, Svejk It <svejkit () gmail com> wrote:

Hi,

If an organisation is looking to purchase or subscribe to a web application service, are there any security standards it can request the supplier to conform to? For example, it may like to have some assurance that SQL injection is not possible.

If so, are these standards widely adopted? Or, if there is not a widely adopted standard, is it reasonable to request that the supplier state that it follows the Best Practice and Guidelines of OWASP?

Thanks,
Svejk

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

--
---------------------------------------------------------------------------------------------------
GTalk: bloorq () gmail com | MSN: blade () windowslive com | GG(Poland only): 10863014 | Twitter: @_bl4de
---------------------------------------------------------------------------------------------------
$.WEB('#bl4de_skills').append( '<div class="technologies"> PHP5 | MySQL | HTML.CSS.JS </div>' );
$_codin = Array( 'PHP' => 'excellent', 'Java' => 'good', 'C/C++' => 'good', 'Perl' => 'basic');
WebAppsSecurity bl4de = new WebAppsSecurity();
bl4de.secureYourWebApp(true);
---------------------------------------------------------------------------------------------------
workshop: DebianSid.GnomeShell | NetBeans IDE | Opera.Firefox.Chrome
"The quieter you become the more you are able to hear..."
---------------------------------------------------------------------------------------------------
http://pl.linkedin.com/pub/rafa%C5%82-janicki/45/350/3ba
https://bitbucket.org/bl4de/

BC Lions - The Pride of all BC - http://www.bclions.com