Research Papers

Web Application Security Program

By Adrian Lane

Web Application Security is an incredibly difficult undertaking, and one of the papers we are most proud of is this one: Building a Web Application Security Program (attached below). Web applications not only have many of the same threats and issues as traditional applications, but by their nature have a whole additional set of issues to worry about as well. They require a different approach and analysis, and we hope that you will follow the use cases and adapt the technologies and process improvements suggested to meet your organizational needs. As the science of web application security is advancing very quickly, and as the attacks against web applications and platforms continue to evolve, our approach and recommendations will change. As we anticipate periodic updates to the content, we recommend that you periodically revisit this section for alterations and amendments.

This page is provided to allow you a place to participate with comments, recommendations or critiques in the comment fields below.

As always, we research and write the content, and sponsors choose to participate only after the content has been made publicly available on the blog. We would like to thank Core Security, Imperva and Qualys for their sponsorship of this paper.

(Version 1.0, July 2009)

Building a Web Application Security Program. (PDF)

The Business Justification for Data Security

By Rich

The Business Justification for Data Security is one of our more important pieces of research. It describes how to evaluate data security investments, map the potential investment to your business needs, and then build a business justification case. It starts with a discussion of data security issues, then reviews alternative models (and their flaws), and finishes by presenting our justification methodology. The whitepaper is attached.
