Re: Web Security Standards Body
Date: Wed, 20 Apr 2005 11:11:32 -0700
well - there is the ISO 17799 / BS7799 Standard (http://www.bsi-global.com/ICT/index.xalter)
The Open Web Application Security Project (www.owasp.org)
or ISECOM Open Source Security Testing Methodoloy (http://www.isecom.org/)
Dominick Baier - DevelopMentor
> Does anyone know if the W3C (or another accredited organization) has
> created a web security standard - something like the ISO 9000
> standard, but for security? I'm architecting a public site with
> sensitive data, and I'd like to have it's security model certified.
> Thank you.
- Re: bootstrapping a secure channel
... >> that Alice and Bob recognize each others voices. ... The security of this rests on an assumption ... >> There is another standard approach to this kind of problem, ... Sharing this secret would require a secure channel, ...
- Re: [Full-Disclosure] Apparently the practice was prevalent
... > continue to use the feature. ... As I said -- it is interesting how little concern some developers show ... for their clients larger security issues... ... "standard" as the standard that defines what an HTTP URL is is very ...
- RE: Certification for Win2k Web Servers
... the SANS gold standard training is in understanding and applying the recent ... composite security standard for Microsoft Windows 2000 Professional (not ... > Subject: RE: Certification for Win2k Web Servers ... > the audit results from the single third party auditor. ...
- Re: Lagging e-mail
... > Hi Mountain, ... The difference between the standard versus beta editions as follows: ... QUESTIONS ABOUT SECURITY ...
- Re: audit file location
... exploiting a flaw in your code is much harder if you don't know what you are looking for - and as you most often cannot put directories into directory traversal attacks - putting those files even on a separate hard disk/partition is even more secure. ... Dominick Baier - DevelopMentor ... If further away is more secure, then that means both ASP's security ...