Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Software security specifications

from [Jeff Williams] Network Security [Permanent Link]
Subject: Re: Software security specifications
Date: Tue, 22 Feb 2005 00:22:40 -0500
Check out the OWASP Secure Software Development Contract Annex (http://www.owasp.org/documentation/legal.html)

Everyone involved with a software contracting relationship of any kind, even within a single application team, should have a discussion about security. This document is a *starting point* and is intended to facilitate that discussion.

Please let the team know if this document is helpful, or if you don't like the model. We're actively trying to improve the document.

--Jeff

Jeff Williams
The OWASP Foundation
www.owasp.org

----- Original Message ----- From: <i.matilde@gmail.com>
To: <webappsec@securityfocus.com>; <secprog@securityfocus.com>
Sent: Monday, February 21, 2005 11:17 AM
Subject: Software security specifications


I need to develop a policy that will list security requirements for
new applications developed internally or by contractors, general
specifications like validate input ecc...., I am looking for some good
resources on the subject, any recommendations?

Best Regards,

Shawn

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: ISA Server and SQL Injection, Mark Curphey
Next by Date:  Re: Software security specifications, udayan pathak
Previous by Thread:  Software security specifications, i.matilde@gmail.com
Next by Thread:  Re: Software security specifications, udayan pathak
Indexes:  [Date] [Thread] [Top] [All Lists]