SD TIMES BLOG

A chat about WebAppSec

by Katie Serignese 05/19/2010 01:50 PM EST

In a recent chat about Web app security (WebAppSec) with Georg Hess, prominent OWASP member and CEO of art of defense, a Regensburg, Germany-based application security provider, some interesting thoughts were raised. Hess discussed the need for a new role that would blend development, IT and networking experience to ensure better WebAppSec and bridge the gap in communication across the departments.

He also pointed out that large organizations already have WebAppSec teams that follow an application's entire lifecycle, but proposed a new role for smaller to mid-sized organizations: a WebAppSec manager. "It's a new role," he said, "not necessarily a new person."

It’s basically the same concept as what is already going on in larger organizations, but it is something that is needed in organizations of all sizes to ensure WebAppSec, Hess said. This dedicated role would be responsible for the application’s security while in development or live.

Hess also discussed other precautions that can be taken for WebAppSec, such as a Web application firewall (WAF). “This at the very least can be a second line of defense,” he said, whether for a cloud provider or anyone with a Web application. 

Once Hess mentioned cloud security, it got me thinking that maybe it’s time to visit this topic more in depth. I don’t care to divulge any more of what we discussed at this moment (more of that is to come), but I certainly think it’s a topic that deserves a comprehensive look.

 


Tags:

cloud | security | web
