Difference between revisions of "Day 5"
From OWASP
Gabrielgumbs (talk | contribs)
Latest revision as of 22:44, 5 January 2015
Key activities
- Implement compensating controls & mitigation controls
- Remediation Prioritization
Compensating Controls
- Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.
Mitigating Controls
- Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.
Remediation Prioritization
- Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific