==============================================================================================================================================
Cette semaine, une veille dédiée à la sécurité des applications Web.
Un très bon post complet sur Threatpost et deux autres sources complémentaires
Bonne lecture
Tristan
==============================================================================================================================================
A CISO's Guide To Application Security - Part 1: Defining AppSec
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-1-defining-appsec-040912 A CISO's Guide To Application Security - Part 2: The Growing Threat to Applications
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-2-growing-threat-applications-042312 A CISO's Guide To Application Security - Part 3: Toward an AppSec Center of Excellence
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-2-toward-appsec-center-excellence-043012 A CISO's Guide To Application Security - Part 4: Weighing AppSec Technology Options
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-4-weighing-appsec-technology-options-050712 A CISO's Guide To Application Security - Part 5: Justifying an Investment in AppSec
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-5-justifying-investment-appsec-051612 A Financial Model for Application Security Debt
http://www.veracode.com/blog/2011/03/a-financial-model-for-application-security-debt/ How to Improve Your Application Security Practices
http://news.hitb.org/content/how-improve-your-application-security-practices http://www.cio.com/article/711879/How_to_Improve_Your_Application_Security_Practices "Most of the security guys out there are not software people," he says. "They come from an IT background. All they really know how to do is protect the network."
"Organizations must comply," he says. "They spend the lion's share of their budget first on firewalls and antivirus because the compliance regulators mandate it."
Targets of choice, on the other hand, need to make themselves as secure as they possibly can and then prepare plans for how to react when they are breached so they can minimize the damage as much as possible.
Grossman also recommends that organizations hack themselves in an effort to understand how attackers will approach their Web sites.