This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Day 5"
From OWASP
Gabrielgumbs (talk | contribs) |
|||
| Line 3: | Line 3: | ||
*Remediation Prioritization | *Remediation Prioritization | ||
| + | <span id="Compensating Controls"></span> | ||
== Compensating Controls == | == Compensating Controls == | ||
*Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. | *Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks. | ||
| + | <span id="Mitigating Controls"></span> | ||
== Mitigating Controls == | == Mitigating Controls == | ||
*Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle. | *Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle. | ||
| + | <span id="Remediation Prioritization"></span> | ||
== Remediation Prioritization == | == Remediation Prioritization == | ||
*Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific | *Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific | ||
Revision as of 22:36, 5 January 2015
Key activities
- Implement compensating controls & mitigation controls
- Remediation Prioritization
Compensating Controls
- Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.
Mitigating Controls
- Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.
Remediation Prioritization
- Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific
