This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Day 5

From OWASP
Revision as of 22:44, 5 January 2015 by Gabrielgumbs (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

< Back to The Application_Security_Program_Quick_Start_Guide


Key activities

  • Implement compensating controls & mitigation controls
  • Remediation Prioritization

Compensating Controls

  • Implement compensating controls to limit the likelihood of successful attacks; for example, deploy web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks.

Mitigating Controls

  • Implement mitigating controls to discover and prevent mistakes that may lead to the introduction of vulnerabilities; for example, Control 6 of the CSIS 20 Critical Security Controls – Application Software Security. Build security into the development life cycle.

Remediation Prioritization

  • Implement remediation prioritization driven by financial calculations. Compare the cost of fixing specific

< Back to The Application_Security_Program_Quick_Start_Guide