This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Day 5"

From OWASP
(Created page with "== Key activities == *Implement compensating controls & mitigation controls *Remediation Prioritization == Compensating Controls == *Implement compensating controls to limit...")
 
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]]
 +
 +
 
== Key activities ==
 
== Key activities ==
 
*Implement compensating controls & mitigation controls
 
*Implement compensating controls & mitigation controls
 
*Remediation Prioritization
 
*Remediation Prioritization
  
 +
<span id="Compensating Controls"></span>
 
== Compensating Controls ==
 
== Compensating Controls ==
 
*Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.
 
*Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.
  
 +
<span id="Mitigating Controls"></span>
 
== Mitigating Controls ==
 
== Mitigating Controls ==
*Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development lifecycle.
+
*Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.
  
 +
<span id="Remediation Prioritization"></span>
 
== Remediation Prioritization ==
 
== Remediation Prioritization ==
 
*Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific
 
*Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific
 +
 +
[[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]]
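
Review bot: In the Remediation Prioritization section, the bullet ends mid-sentence at "Compare the cost of fixing specific" in both the old and the new column, so this revision adds an anchor to the section while leaving its only guidance incomplete; finish the sentence, stating what the cost of fixing is compared against, in the same edit. Separately, the added anchors such as <span id="Compensating Controls"></span> put a space in the id value, which HTML5 does not allow. MediaWiki already generates an anchor for each == heading == with spaces replaced by underscores, so the spans can be dropped or their ids written with underscores.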

Latest revision as of 22:44, 5 January 2015

< Back to The Application_Security_Program_Quick_Start_Guide


Key activities

  • Implement compensating controls & mitigation controls
  • Remediation Prioritization

Compensating Controls

  • Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.

Mitigating Controls

  • Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.

Remediation Prioritization

  • Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific

< Back to The Application_Security_Program_Quick_Start_Guide