Cyber Security Institute
Monday, April 11, 2005
Security: It’s just a matter of asking the right questions
For many small and midsize networks, application security can often be a grey area.
Almost all companies test for vulnerable versions (i.e., missing security patches) and default configuration files.
Before investing any time or money in securing or verifying the security of an application, first perform a risk assessment.
The following are areas that should be considered:
- Scripting;
- Enumeration;
- Passwords;
- Sessions;
- Error handling;
- Field variables;
- Code commenting;
- Session time-out;
- Session cache; and
- Network parameters.
http://insight.zdnet.co.uk/internet/security/0,39020457,39194163,00.htm