Difference between revisions of "User talk:Amber Marfatia"
KateHartmann (talk | contribs) m (Welcome!) |
(→Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework): new section) |
| Line 3: | Line 3: | ||
You will probably want to read the [[Help:Contents|help pages]]. | You will probably want to read the [[Help:Contents|help pages]]. | ||
Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC) | Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 17:15, 31 January 2011 (UTC) | ||
| + | |||
| + | == Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework) == | ||
| + | |||
| + | Purpose of the framework is to provide a security layer to a given web application / web site via web service which can use the functions / modules to protect the site from following vulnerabilities: | ||
| + | |||
| + | <br> 1. Remote code execution | ||
| + | |||
| + | 2. SQL injection | ||
| + | |||
| + | 3. Format string vulnerabilities | ||
| + | |||
| + | 4. Cross Site Scripting (XSS) | ||
| + | |||
| + | 5. Session hacking | ||
| + | |||
| + | 6. Denial of service (DoS) attacks | ||
| + | |||
| + | 7. Eavesdropping /Sniffing/ Phishing | ||
| + | |||
| + | 8. Identity Spoofing | ||
| + | |||
| + | 9. Man-in-the-Middle Attacks | ||
| + | |||
| + | 10. Username enumeration | ||
| + | |||
| + | 1. Instrumentation & Audits for: | ||
| + | |||
| + | 2. Critical Business Areas | ||
| + | |||
| + | 3. User Management | ||
| + | |||
| + | 4. Un-usual activities | ||
| + | |||
| + | 5. Interfaces Integrations | ||
| + | |||
| + | 11. IIS Tweaks | ||
| + | |||
| + | 12. Password Policy | ||
| + | |||
| + | <br> | ||
| + | |||
| + | Road map for achieving the said framework is provided in the next section. | ||
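Review bot: The numbering restarts at "1. Instrumentation & Audits for:" after item 10 and then resumes at "11. IIS Tweaks", so it is unclear whether the second 1-5 run is one item with four sub-items or five separate entries. Suggest making "Instrumentation & Audits" a single numbered item and nesting its areas under it with wiki list markup (# and ##) instead of hand-typed numbers and <br>. The intro promises a list of vulnerabilities, but the audit areas, "IIS Tweaks" and "Password Policy" are controls rather than vulnerabilities, so they would read better under their own heading. The closing line points to a road map "in the next section", and no such section is added in this revision.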
Revision as of 06:46, 18 March 2011
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 17:15, 31 January 2011 (UTC)
Road Map towards creating the new security framework - Enhancing Security Options Framework (ESOP Framework)
The purpose of the framework is to provide a security layer to a given web application / web site via a web service, which can use the functions / modules to protect the site from the following vulnerabilities:
1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Session hacking
6. Denial of service (DoS) attacks
7. Eavesdropping / Sniffing / Phishing
8. Identity Spoofing
9. Man-in-the-Middle Attacks
10. Username enumeration
1. Instrumentation & Audits for:
2. Critical Business Areas
3. User Management
4. Unusual activities
5. Interfaces Integrations
11. IIS Tweaks
12. Password Policy
The road map for achieving the said framework is provided in the next section.