[Owasp-leaders] Gov.uk: Cyber security guidance for business

Frederick Donovan fred.donovan at owasp.org
Mon Jan 19 18:33:33 UTC 2015


I do find high-level to be useful in some orgs.

Here are some security configuration guides from Fort Meade that were also
developed for public consumption: security_configuration_guides
<https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/archived_guides.shtml>

Really just informational and some a bit outdated, but you'll notice in the
SQLi factsheet that OWASP is considered "well-respected". The
"Hardening_Deployed_WebApplications11182013.pdf" factsheet mentions using
the Top10 and Code Review guides.

Note: Any super-secret sophisticated backdoors/trojans/rootkits that are
installed upon download from the above link "so they can see everything"
would be unintended. ;)

-Fred

On Mon, Jan 19, 2015 at 5:14 AM, psiinon <psiinon at gmail.com> wrote:

> Advice from GCHQ, BIS and CPNI.
>
>
> https://www.gov.uk/government/publications/cyber-risk-management-a-board-level-responsibility
>
> Please note that the gratuitous use of the 'cyber' word is from the web
> site and not added by me ;)
>
> My first impressions are that despite it being very high level this is
> still disappointingly light on web security :(
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
-Fred