Difference between revisions of "Day 5"
From OWASP
(Created page with "== Key activities == *Implement compensating controls & mitigation controls *Remediation Prioritization == Compensating Controls == *Implement compensating controls to limit...") |
Gabrielgumbs (talk | contribs) |
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]] | ||
+ | |||
+ | |||
== Key activities == | == Key activities == | ||
*Implement compensating controls & mitigation controls | *Implement compensating controls & mitigation controls | ||
*Remediation Prioritization | *Remediation Prioritization | ||
+ | <span id="Compensating Controls"></span> | ||
== Compensating Controls == | == Compensating Controls == | ||
*Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. | *Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. | ||
+ | <span id="Mitigating Controls"></span> | ||
== Mitigating Controls == | == Mitigating Controls == | ||
− | *Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development | + | *Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle. |
+ | <span id="Remediation Prioritization"></span> | ||
== Remediation Prioritization == | == Remediation Prioritization == | ||
*Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific | *Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific | ||
+ | |||
+ | [[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]] |
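Review bot: the Remediation Prioritization bullet still ends mid-sentence at "Compare the cost of fixing specific" on both sides of the diff. This revision completes the cut-off "Build security into the development" sentence under Mitigating Controls by adding "life cycle.", so the same fix should be made here by restoring the rest of the sentence. Separately, the added anchors such as `<span id="Compensating Controls"></span>` use id values that contain spaces, which HTML does not allow in an id; use underscores (for example `Compensating_Controls`) or rely on the anchors MediaWiki already generates for each heading.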
Latest revision as of 22:44, 5 January 2015
Key activities
- Implement compensating controls & mitigation controls
- Remediation Prioritization
Compensating Controls
- Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.
Mitigating Controls
- Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.
Remediation Prioritization
- Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific