'Re: protecting web apps for governaments'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: protecting web apps for governaments
From:       Vedantam Sekhar <vedantamsekhar () gmail ! com>
Date:       2012-06-20 4:42:09
Message-ID: CABKo5ukfjAYarhriAX6Bsz0Tw8Jyenu5hnf6=K1vBPQt6MuMmw () mail ! gmail ! com
[Download RAW message or body]

I think, every change in the application do not need an extensive
pentesting un till unless the change touches sensitive operations and
can be the targets for the attackers. But, probably we can
in-corporate the basic app vulnerability scanning as part of your
change management process.Some companies i've seen, the scanning tool
is given as a self serivce tool and dev's scan their applications on
their own and we just review it and help them remidiate the
vulnerabilities.
OWASP has the detailed guidelines for all the things you had asked.

Hope this helps,

Sekhar

On Tue, Jun 19, 2012 at 8:53 PM, marco cohen <marcocohen2@gmail.com> wrote:
> HI all
> 
> Im doing a consulting for one of the governaments in europe.
> 
> the idea is to create a most secure segment in which we will locate
> all the web apps of the gov and to protect them from any attack. we
> will buy equipment like SIEM, HIDS IPS, Firewalls and WAF and
> prevention of DDOS attacks.
> but additionaly to this I am working on policies to implement
> heardening of operation system of those servers.
> I am considering also politices of code review (in this process algo
> input validation), and twice a year pentest to all the 200 web sites.
> I am wondering if also doing code review for every change in the those
> web apps + pentest 2 time a year + WAF.
> 
> ISNT THAT TO MUCH FOR PROTECTING THE WEB SERVERS??
> 
> thanks a lot!
> 
> marco
> 
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SS=
L certificate. =A0We look at how SSL works, how it benefits your company an=
d how your customers can tell if a site is secure. You will find out how to=
 test, purchase, install and use a thawte Digital Certificate on your Apach=
e web server. Throughout, best practices for set-up are highlighted to help=
 you ensure efficient ongoing management of your encryption keys and digita=
l certificates.
> 
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f=
727d1
> ------------------------------------------------------------------------
> 

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL \
certificate.  We look at how SSL works, how it benefits your company and how your \
customers can tell if a site is secure. You will find out how to test, purchase, \
install and use a thawte Digital Certificate on your Apache web server. Throughout, \
best practices for set-up are highlighted to help you ensure efficient ongoing \
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic