Network Security Web-App-Sec

SAS 70 and software policies

Subject: SAS 70 and software policies
Date: Fri, 30 Sep 2005 09:45:24 -0500
My organization is currently preparing for a SAS 70 audit.  We started
writing web application security standards a while ago.  That got
extended to a software engineering security policy and that got extended
to a full software engineering policy covering our entire SDLC.  My
question is not about web app sec, however, but rather user-developed
macros.  Should user (and by user I mean non-software developer)
developed macros be subject to the same software lifecycle that our
production apps would?  If not, what about if the macros hit production
databases or other production network resources?

This is the best channel I can think of for this question so I apologize
if it is inappropriate.  If anyone knows of a better channel please let
me know.  Thanks.

James A. Strassburg Jr.
Software Security Architect
Direct Supply, Inc.

