Difference between revisions of "Codereview-Deployment"
From OWASP
(New page: === Secure application deployment === Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment. Having secure code but t...) |
m (Review - spelling) |
||
Line 2: | Line 2: | ||
Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment. | Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment. | ||
− | Having secure code but the | + | Having secure code but the environment upon which the code resides is a lost cause. |
− | Accessing resources directly | + | Accessing resources directly must be controlled within the environment; |
Areas such as configuration files, directories, & resources which need authorisation need to be secured on the host such that direct access to such artifacts is disallowed. | Areas such as configuration files, directories, & resources which need authorisation need to be secured on the host such that direct access to such artifacts is disallowed. |
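Review bot: on the revised side of the "Having secure code" row, the sentence "Having secure code but the environment upon which the code resides is a lost cause" still has no word saying the environment is insecure, so it does not state its point; suggest "Secure code is a lost cause if the environment it resides in is insecure." The revised "Accessing resources directly" row ends in a semicolon ahead of a paragraph break, where a colon or a full stop would read correctly.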
Revision as of 20:43, 26 August 2008
Secure application deployment
Beyond reviewing the code itself, one must examine whether the web application is deployed within a secure environment. Secure code is a lost cause if the environment upon which the code resides is not secure. Direct access to resources must be controlled within the environment.
Areas such as configuration files, directories, and resources which need authorisation must be secured on the host so that direct access to such artifacts is disallowed.
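
One way a reviewer could check this on a deployed host, as an added example that is not part of the original OWASP page: a Python audit that walks a web root and flags configuration files sitting in the served tree and paths writable by any user. The suffix list, function names and sample tree are assumptions constructed for illustration, and the permission checks assume a POSIX host.

```python
import os
import stat
import tempfile

# Assumption: suffixes that mark files which must never be directly reachable.
SENSITIVE_SUFFIXES = (".config", ".ini", ".properties", ".env", ".bak")

def audit_deployment(web_root):
    """Return sorted (relative_path, finding) pairs for a deployed web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, web_root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about its target
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(mode) and name.lower().endswith(SENSITIVE_SUFFIXES):
                findings.append((rel, "configuration file inside the served tree"))
                if mode & stat.S_IROTH:
                    findings.append((rel, "configuration file is world-readable"))
    return sorted(findings)

def build_sample_deployment():
    """Constructed sample tree: one ordinary page plus deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="deploy-audit-")
    layout = {"index.html": 0o644, "db.properties": 0o644, "settings.ini": 0o600}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)  # chmod sets the exact mode, independent of umask
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    return root

if __name__ == "__main__":
    for rel, finding in audit_deployment(build_sample_deployment()):
        print(f"{rel}: {finding}")
```

A finding of "inside the served tree" means the file should be moved outside the web root or explicitly denied in the server configuration; tightening file modes alone does not stop the web server from serving it.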