WebApp Sec mailing list archives
RE: security standards
From: "Dave Wichers" <dave.wichers () aspectsecurity com>
Date: Mon, 5 Nov 2012 09:02:04 -0500
The Cloud Security Alliance is trying to set de facto standards in this area with their CSA SECURITY, TRUST & ASSURANCE REGISTRY (STAR) (see: https://cloudsecurityalliance.org/star/). I looked at their requirements briefly a while back and it was mostly about the hosting/data center, and not the app itself, so maybe you could look at their requirements for everything but AppSec, and then look at OWASP guidelines like the Top 10, or for a deeper dive, the ASVS for the web app specific details.

-Dave

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Svejk It
Sent: Monday, November 05, 2012 5:22 AM
To: webappsec
Subject: security standards

Hi,

If an organisation is looking to purchase or subscribe to a web application service, are there any security standards it can request the supplier to conform to? For example, it may like to have some assurance that SQL injection is not possible. If so, are these standards widely adopted?

Or, if there is not a widely adopted standard, is it reasonable to request that the supplier state that it follows the Best Practice and Guidelines of OWASP?

Thanks,
Svejk

This list is sponsored by Cenzic
Current thread:
- security standards Svejk It (Nov 05)
- Re: security standards bl4de (Nov 05)
- RE: security standards Ofer Shezaf (Nov 05)
- RE: security standards Dave Wichers (Nov 05)
- <Possible follow-ups>
- RE: security standards Martin O'Neal (Nov 05)
- Re: security standards bl4de (Nov 05)