Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Web Application Security Assessment Policy

advertisement 
Web Application Security
Assessment Policy
John Hally
John.hally@comcast.net
Why This Policy?
! Limit attack surface of our web
!
!
!
!
applications
Web application flaws/vulnerabilities are a
major attack vector
Protect Company Brand/Reputation
Enterprise Security Policy Compliance
Other Compliance Requirements
Policy Applicability
! All web applications - internal, external, 3rd
!
!
!
!
party
Project Managers - Scheduling
Security Engineering – Reporting and
recommendations
Development Team – Code remediation
Chief Information officer – Final authority
Assessment Criteria
! New or Major Application Release – Subject to
!
!
!
!
a full assessment
Third Party or Acquired Web Application –
Subject to full assessment
Point Releases – Subject to an appropriate
assessment level based risk of changes
Patch Releases – Subject to an appropriate
assessment level based on the risk of changes
to functionality
Emergency Releases – Special case that will
forgo an assessment, will require CIO approval
Risk Rating
! Risk calculation based on OWASP Risk
Rating Methodology
! High – must be fixed before release
! Medium – fix in patch release unless
cumulative risk becomes too high; other
mitigation allowed
! Low – fix in point release
Non-compliance Ramifications
! Application may be taken offline
! Application functionality may be limited to
temporarily mitigate issue (if possible)
! Denial of release into live environment
Related documents
Brockton Public Schools School Committee Policy
Brockton Public Schools School Committee Policy
Project Kickoff - CSCI 6442
Project Kickoff - CSCI 6442
sarah kelley - Ampere Creations
sarah kelley - Ampere Creations
JCO 4204 PUBLIC RELATIONS WRITING AND PRODUCTION
JCO 4204 PUBLIC RELATIONS WRITING AND PRODUCTION
Vietnamese, Prepare to Meet Your God
Vietnamese, Prepare to Meet Your God
Writing the News Release
Writing the News Release
Exam3
Exam3
weighted comparison matrix
weighted comparison matrix
Sample Publicity Plan - Idaho Humanities Council
Sample Publicity Plan - Idaho Humanities Council
Master Harold and the Boys Comprehension Questions Part 1
Master Harold and the Boys Comprehension Questions Part 1
Writing Press Releases
Writing Press Releases
Working with Symbolism
Working with Symbolism
New Releases For Nonfiction
New Releases For Nonfiction
Master Harold and the boys Study Guide
Master Harold and the boys Study Guide
Chapter 3, "Avoiding Legal Hassles"
Chapter 3, "Avoiding Legal Hassles"
Security Policies - Personal Web Pages
Security Policies - Personal Web Pages
Measurement for Sustainable Development South Africa Statistics Matter
Measurement for Sustainable Development South Africa Statistics Matter
PR and Technology
PR and Technology
IB MASTER HAROLD levels of meaning notes
IB MASTER HAROLD levels of meaning notes
A T R S
A T R S
work sample 3
work sample 3
Waiting for a Glass Eye
Waiting for a Glass Eye
Download
advertisement