WebApp Sec mailing list archives

RE: security standards


From: "Dave Wichers" <dave.wichers () aspectsecurity com>
Date: Mon, 5 Nov 2012 09:02:04 -0500

The Cloud Security Alliance is trying to set de facto standards in this
area with their CSA SECURITY, TRUST & ASSURANCE REGISTRY (STAR). (see:
https://cloudsecurityalliance.org/star/). I looked at their requirements
briefly a while back and it was mostly about the hosting/data center,
and not the app itself, so maybe you could look at their requirements
for everything but AppSec, and then look at OWASP Guidelines like Top
10, or for a deeper dive, the ASVS for the Web app specific details.

-Dave

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Svejk It
Sent: Monday, November 05, 2012 5:22 AM
To: webappsec
Subject: security standards

Hi,
If an organisation is looking to purchase or subscribe to a web
application service, are there any security standards it can request the
supplier to conform to? For example, it may like to have some assurance
that SQL injection is not possible. If so, are these standards widely
adopted?
Or, if there is not a widely adopted standard, is it reasonable to
request that the supplier state that it follows the Best Practice and
Guidelines of OWASP?
Thanks,
Svejk



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





