Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Attention, CISOs: Strategy is the only security

Marco Morana | Oct. 8, 2013
OWASP Guide project leader Marco Morana outlines ideal application security strategies.

Among the most popular projects produced by OWASP is the OWASP Top Ten, a de facto benchmark for web application vulnerability testing and for compliance with security industry standards such as PCI-DSS. The main goal of this guide is to help CISOs in the definition of an application security strategy where traditional information security and compliance goals align with the technical and business risks management goals of each organization. To achieve this goal, the OWASP application security guide for CISO aims to help CISOs in setting an application security strategy that includes the following strategic activities:

  • The inclusion of technical and risk management criteria for assessing the impact of security incidents derived by exploit of web application vulnerabilities so these can be prioritized for fixing
  • The identification of the security controls and measures that have been proven effective in mitigating the impact of cyber-attacks against web applications
  • The assessment of technical risks that are inherent on certain types of web application technologies used by web and mobile clients as well as cloud computing
  • The adoption of SDLC processes to build security during software development
  • The planning of application security based upon the organization capabilities in different software security domains using Software Assurance Maturity Models like SAMM and BISMM
  • The adoption of vulnerability testing methodologies and tools that can be used to improve the overall security profile of the web applications that are managed by the organization
  • The training models that can be used for training software engineers in the design, development and testing of secure software


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.