web application security assessment policy
play

Web Application Security Assessment Policy John Hally - PowerPoint PPT Presentation

Oct 24, 2022 •126 likes •195 views

Web Application Security Assessment Policy John Hally John.hally@comcast.net Why This Policy? Limit attack surface of our web applications Web application flaws/vulnerabilities are a major attack vector Protect Company

  1. Web Application Security Assessment Policy John Hally John.hally@comcast.net

  2. Why This Policy? � Limit attack surface of our web applications � Web application flaws/vulnerabilities are a major attack vector � Protect Company Brand/Reputation � Enterprise Security Policy Compliance � Other Compliance Requirements

  3. Policy Applicability � All web applications - internal, external, 3 rd party � Project Managers - Scheduling � Security Engineering – Reporting and recommendations � Development Team – Code remediation � Chief Information officer – Final authority

  4. Assessment Criteria � New or Major Application Release – Subject to a full assessment � Third Party or Acquired Web Application – Subject to full assessment � Point Releases – Subject to an appropriate assessment level based risk of changes � Patch Releases – Subject to an appropriate assessment level based on the risk of changes to functionality � Emergency Releases – Special case that will forgo an assessment, will require CIO approval

  5. Risk Rating � Risk calculation based on OWASP Risk Rating Methodology � High – must be fixed before release � Medium – fix in patch release unless cumulative risk becomes too high; other mitigation allowed � Low – fix in point release

  6. Non-compliance Ramifications � Application may be taken offline � Application functionality may be limited to temporarily mitigate issue (if possible) � Denial of release into live environment

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal

A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal

A Framework for Water Security Assessment at City Scale: Application to Bangkok Informal roundtable on addressing water scarcity through cost effective and innovative responsible business practices (RBP) in the Resort Industry in ESCAP

364 views • 14 slides
The application of risk assessment in food safety control in Risk Risk Assessment Management

The application of risk assessment in food safety control in Risk Risk Assessment Management

Risk Analysis Framework The application of risk assessment in food safety control in Risk Risk Assessment Management mainland China Science based Policy based Junshi Chen, M.D. Risk Communication I nstitute of Nutrition

442 views • 6 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record on the DNS which

SPF, DKIM and DMARC SPF stands for Sender Policy Framework, a record on the DNS which

4/30/2019 (515) 229-5674 kkothari@sgcsecure.com Cheap Solutions to Cybersecurity Kaushal Kothari Audit Secure Guard Consulting Internal Security Assessment (515) 229-5674 External Security Assessment and External Penetration Testing

62 views • 3 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1.

Security Assessment Technique for SDN greenkim@konkuk.ac.kr Contents 1. Introduction 2. Security Analyses of SDN 3. Security Assessment Technique for SDN 3.1 Taxonomy of issues 3.2 Assessment technique 4. Case study of IMECA

223 views • 19 slides
Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application Security Management (ASM) Features and Benefits Performance Review Ordering Information About Application Security Management (ASM)

618 views • 7 slides
Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab assignments questions in written report form, as a text, pdf, or Word

566 views • 37 slides
ACF food security assessment in Hodeida and Hajjah governorates Presentation at the Food Security

ACF food security assessment in Hodeida and Hajjah governorates Presentation at the Food Security

ACF food security assessment in Hodeida and Hajjah governorates Presentation at the Food Security & Agriculture Cluster 15 th Jan 2013 Assessment location 15 Jan 2013 1 Assessment tools District # Households Market Key informant Focus

515 views • 6 slides
Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation

Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation

How does data impact policy? Dr. Jennifer Zwicker HOW DOES DATA IMPACT POLICY? Policy/clinical impact Evaluation Intervention research and clinical application Needs assessment DATA AND NEEDS OF PERSONS WITH DISABILITIES NEEDS ASSESSMENT

596 views • 28 slides
Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code

Security and the .NET Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other code can be more, less, or

695 views • 21 slides
Security Architecture in a Collaborative De-Perimeterised Environment: Factors of Success Yulia

Security Architecture in a Collaborative De-Perimeterised Environment: Factors of Success Yulia

Security Architecture in a Collaborative De-Perimeterised Environment: Factors of Success Yulia Cherdantseva 1 Omer Rana 1 Jeremy Hilton 2 1 Cardiff University {y.v.cherdantseva |

593 views • 28 slides
Tailored Cyber Risk Solutions for Community Banks As a community financial institution, your

Tailored Cyber Risk Solutions for Community Banks As a community financial institution, your

Tailored Cyber Risk Solutions for Community Banks As a community financial institution, your cyber risks and regulatory expectations are growing faster than your resources to deal with them. Unfortunately, a single public cybersecurity or data

407 views • 17 slides
National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler,

National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler,

National Cyber Security Strategy 2016 26th of April 2017, Athens Samuel Rothenpieler, International Relations Advisor, Federal Offjce for Information Security (BSI) Mission Statement of the German Federal Offjce for Information Security (BSI)

464 views • 14 slides
SELIC CORP OPPORTUNITY DAY QUARTER 3/2018 DATE: December 18, 2018 Selic Corp Public Company

SELIC CORP OPPORTUNITY DAY QUARTER 3/2018 DATE: December 18, 2018 Selic Corp Public Company

SELIC CORP OPPORTUNITY DAY QUARTER 3/2018 DATE: December 18, 2018 Selic Corp Public Company Limited ABOUT SELIC We provide solutions for adhesive, our offer includes customized products and services that match our customers needs. Facts

689 views • 30 slides
National Likely General Election Voter Survey August 28 th , 2017 On the web

National Likely General Election Voter Survey August 28 th , 2017 On the web

National Likely General Election Voter Survey August 28 th , 2017 On the web www.mclaughlinonline.com ML LL ND East 22 64 7 More Likely/Less Likely Re-Elect your Member of Congress: Midwest 22 62 10 Has increased the debt ceiling

199 views • 18 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
Critical Area Planting g & Mulching Mulching Access Roads protected during winter, when

Critical Area Planting g & Mulching Mulching Access Roads protected during winter, when

Presentation #1 March 19, 2016 Workshop Management Practices to Protect Roads from Concentrated Flow of Runoff Road seeding Road bed preparation Critical Area Planting g & Mulching Mulching Access Roads protected during winter, when

350 views • 16 slides
Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates

Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates

Atlantic Grains Council Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates Introduction Chapter 1: Plant population Chapter 2: Yield Chapter 3: Previous crop Chapter 4: Seeding equipment

713 views • 27 slides

More recommend