Resources

Compliance and Regulations



Data Protection Act 1998
The Data Protection Act 1998 regulates the processing of information relating to living individuals, including the obtaining, holding, use and disclosure of such information.
http://www.ico.gov.uk/for_organisations/data_protection_guide.aspx


Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a set of comprehensive requirements for enhancing payment account data security and was developed to help facilitate the broad adoption of consistent data security measures on a global basis.
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Organisations



Open Web Application Security Project (OWASP)
OWASP is a free and open application security community with a focus on improving the security of application software.
http://www.owasp.org/index.php/Main_Page


Web Application Security Consortium (WASC)
The Web Application Security Consortium (WASC) is made up of an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web.
http://www.webappsec.org/


Homeland Security – Build Security In
Build Security In is a collaborative effort that provides practices, tools, guidelines, rules, principles and other resources that development teams can use to build security into every phase of software development.
https://buildsecurityin.us-cert.gov/bsi/home.html


MITRE – CWE
The Common Weakness Enumeration (CWE) is a formal list of software weakness types created to serve as a common language for describing software security weaknesses.
http://cwe.mitre.org/


Computer Emergency Response Team (CERT)
CERT runs a number of initiatives on software assurance aimed at tackling the software security problem at its source, in the development process.
http://www.cert.org/work/software_assurance.html


SANS – SSI
SANS offers resources, white papers and other best practice guides on software security and secure software development.
http://www.sans-ssi.org/resources/

Application Security Best Practices



OWASP Top 10
The OWASP Top 10 is an awareness document listing the ten most critical web application security flaws.
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project


OWASP Development Guide
The aim of the OWASP Development Guide is to allow businesses and development teams to produce secure web applications.
http://www.owasp.org/index.php/Category:OWASP_Guide_Project


OWASP Testing Guide
The OWASP Testing Guide includes a “best practice” penetration testing framework and a “low level” penetration testing guide describing techniques for testing most common web application and web service security issues.
http://www.owasp.org/index.php/Category:OWASP_Testing_Project


OWASP Code Review Guide
The OWASP Code Review Guide explains how to conduct secure code reviews and helps developers build security into application development.
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project


NIST – Guidelines on Securing Public Web Servers
NIST Special Publication 800-44, Guidelines on Securing Public Web Servers, version 2.2, was last published in 2007.
http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf

Secure Software Development Methodologies



Microsoft SDL
The Microsoft SDL is a software security assurance process that defines a collection of mandatory security activities, grouped by the phases of the traditional software development lifecycle.
http://www.microsoft.com/security/sdl


OWASP CLASP
CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development process.
http://www.owasp.org/index.php/Category:OWASP_CLASP_Project

Software Security Maturity Models



OpenSAMM
The Software Assurance Maturity Model (SAMM) is an open framework to help organisations formulate and implement a strategy for software security that is tailored to the specific risks facing the organisation.
http://www.opensamm.org


The Building Security In Maturity Model (BSIMM)
The Building Security In Maturity Model is designed to help organisations understand, measure and plan a software security initiative. The BSIMM can help an organisation determine how it compares to other real-world software security initiatives and what steps it can take to make its approach more effective.
http://www.bsimm2.com

Copyright © 2010 AppSecure Labs Limited. All Rights Reserved