WebApp Sec mailing list archives

RE: security standards


From: "Ofer Shezaf" <ofer () shezaf com>
Date: Mon, 5 Nov 2012 14:41:21 +0200

If your web application service includes a web application firewall (WAF) technology, I would urge you to look at 
WAFEC, the Web Application Firewall Evaluation Criteria 
(http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria), a community 
standard for defining requirements for a WAF.

~ Ofer

Ofer Shezaf
[+972-54-4431119; ofer () shezaf com, www.shezaf.com]

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of bl4de
Sent: Monday, November 05, 2012 1:57 PM
To: webappsec () securityfocus com
Subject: Re: security standards

Hi

Take a look at OWASP ASVS
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

greetings,


On 05.11.2012 at 11:22, Svejk It <svejkit () gmail com> wrote:

Hi,
If an organisation is looking to purchase or subscribe to a web 
application service, are there any security standards it can request 
the supplier to conform to? For example, it may like to have some 
assurance that SQL injection is not possible. If so, are these 
standards widely adopted?
Or, if there is not a widely adopted standard, is it reasonable to 
request that the supplier state that it follows the Best Practice and 
Guidelines of OWASP?
Thanks,
Svejk



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------



-- 


---------------------------------------------------------------------------------------------------
GTalk: bloorq () gmail com | MSN: blade () windowslive com | GG(Poland only):  
10863014 | Twitter: @_bl4de
---------------------------------------------------------------------------------------------------
$.WEB('#bl4de_skills').append( '<div class="technologies"> PHP5 | MySQL | HTML.CSS.JS </div>' );

$_codin = Array( 'PHP' => 'excellent', 'Java' => 'good', 'C/C++' => 'good', 'Perl' => 'basic');

WebAppsSecurity bl4de = new WebAppsSecurity(); bl4de.secureYourWebApp(true);

---------------------------------------------------------------------------------------------------
workshop: DebianSid.GnomeShell | NetBeans IDE | Opera.Firefox.Chrome

"The quieter you become the more you are able to hear..."  
---------------------------------------------------------------------------------------------------
http://pl.linkedin.com/pub/rafa%C5%82-janicki/45/350/3ba
https://bitbucket.org/bl4de/

BC Lions - The Pride of all BC - http://www.bclions.com
 




