OWASP publishes the 3rd version of its developer security guidelines

January 12, 2016

The Open Web Application Security Project (OWASP) has published what appears to be the third version of its developer security guidelines.

The goal is to offer peer-reviewed, and in some cases tested, means of building more secure apps in the wild.

The Application Security Verification Standard (ASVS) Project is the catalyst to OWASP's much-cited mission, the Top 10 list of web app security flaws discovered so far.

It promises better software that will help keep user data safer and company names out of the data breach cycle.

"The Top Ten are the things not to do," says OWASP veteran and security researcher Andrew van der Stock.

"The ASVS says to developers that if you do these twenty things well, most likely, you won't have security issues."

Van der Stock is co-project leader of the 2015 ASVS edition, along with Ireland chapter founder Daniel Cuthbert, both of whom have worked with the OWASP project from its infancy.

"It goes beyond covering things like access controls, business logic flaws, a new topic on web services, and the number of critical areas," he added.

Developers who consume the document's twenty sections before building new apps should be on their way to succeeding in penetration tests and to satisfying payment card industry data security standards (PCI).

OWASP's guide has grown a bit larger over time, from its foundations as a detailed checklist to a peer-reviewed guide built on the lessons of those who use it.

The Netherlands Tax Office is a fully-fledged ASVS house. For the 2015 edition it answered the OWASP call and offered a scattering of ASVS checks that were not specifically security-related, which it had passed over as a result.

Van der Stock says that best practices have moved security earlier into the development process. Three to four years ago he and others in the industry were doing security and penetration testing at the end of a build.

That notion lies at the heart of the ASVS. The work was, like other industry standards, a marathon of endurance. Van der Stock says standards should be made behind curtains, but that the race isn't over for now.

OWASP is seeking volunteers to translate the ASVS into several Asian languages in countries where English is not universal.

Source: The Open Web Application Security Project.
