This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

SpoC 007 - Best Practices & Countermeasures

From OWASP
Revision as of 14:26, 12 September 2007 by Pauloc (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Back to SpoC 007 Selection page


AoC Candidate: Jim

Project coordinator: TBA

Project Progress: 0% Complete, Progress Page

Jim - Best Practices & Countermeasures

Executive Summary

I have been running the Buffalo, NY OWASP chapter since 2004. I have been President of ISACA WNY since 2005. I have delivered presentations at Buffalo ISSA, Rochester ISSA, ISACA WNY, and Buffalo OWASP meetings on the topic of Web Application Security.

My Project

The Best Practices & Countermeasures project will outline best practices that should be followed to address/prevent known web application security issues. The best practices will be divided up into related sections. For instance, there will be an "Authentication" section that would have best practices as follows: 1) Require strong passwords 2) For sensitive sites, require two-factor authentication 3) For intranet sites, tie authentication into existing authentication directory server, such as LDAP. 4) Implement account lock-out after 5 failed login attempts 5) Add a log entry and/or an alert to IDS operators after 5 failed login attempts 6) etc.

Each best practice could also have links to language-specific code constructs that show how to implement each best practice.

Long Term

It is my hope that this project can be used not only by developers, but also by IT auditors and security professionals during audits & assessments

Why I should be sponsored for the project

I have 15 years experience in IT, with 10 years experience in IT Security. I have a bachelor's degree in Computer Science and professional experience as a programmer/developer.


Back to SpoC 007 Selection page