Overblog Tous les blogs Top blogs Technologie & Science Tous les blogs Technologie & Science
Editer l'article Suivre ce blog Administration + Créer mon blog
MENU

Un petit blog sans prétention (enfin j'espère) sur ce qui retient mon attention en matière de sécurité informatique....mais pas que.

Publicité

Veille - Sécurité des applications Web

 

==============================================================================================================================================

Cette semaine, une veille dédiée à la sécurité des applications Web.
Un très bon post complet sur Threatpost et deux autres sources complémentaires

Bonne lecture
Tristan

==============================================================================================================================================

A CISO's Guide To Application Security - Part 1: Defining AppSec
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-1-defining-appsec-040912

A CISO's Guide To Application Security - Part 2: The Growing Threat to Applications
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-2-growing-threat-applications-042312

A CISO's Guide To Application Security - Part 3: Toward an AppSec Center of Excellence
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-2-toward-appsec-center-excellence-043012

A CISO's Guide To Application Security - Part 4: Weighing AppSec Technology Options
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-4-weighing-appsec-technology-options-050712

A CISO's Guide To Application Security - Part 5: Justifying an Investment in AppSec
http://threatpost.com/en_us/blogs/cisos-guide-application-security-part-5-justifying-investment-appsec-051612


A Financial Model for Application Security Debt
http://www.veracode.com/blog/2011/03/a-financial-model-for-application-security-debt/

How to Improve Your Application Security Practices
http://news.hitb.org/content/how-improve-your-application-security-practices
http://www.cio.com/article/711879/How_to_Improve_Your_Application_Security_Practices

    "Most of the security guys out there are not software people," he says. "They come from an IT background. All they really know how to do is protect the network."
    "Organizations must comply," he says. "They spend the lion's share of their budget first on firewalls and antivirus because the compliance regulators mandate it."
    Targets of choice, on the other hand, need to make themselves as secure as they possibly can and then prepare plans for how to react when they are breached so they can minimize the damage as much as possible.
    Grossman also recommends that organizations hack themselves in an effort to understand how attackers will approach their Web sites.


Publicité
Retour à l'accueil
Partager cet article
Repost0
Pour être informé des derniers articles, inscrivez vous :
Commenter cet article