Measuring and Managing Information Risk: A FAIR Approach by Jack Freund & Jack Jones
Author: Jack Freund & Jack Jones
Language: eng
Format: azw3
ISBN: 9780127999326
Publisher: Elsevier Science
Published: 2014-08-22T16:00:00+00:00
Web application risk
Web application vulnerability is a special case of the previous section. There are some unique aspects about it, however, that warrant a short section unto itself.
Similar to vulnerability scanner results in general, we very often see results from web application scanners that don't stand up to even superficial review. Consequently, organizations are faced with the same choices we mentioned before: aggressive remediation regardless of the cost, setting long remediation timelines, or a lot of missed remediation deadlines. Aggressive remediation of web application vulnerabilities, especially for applications written in-house by the organization, potentially has a more direct effect on the organization's ability to grow and evolve as a business. Specifically, very often the programmers who are tasked with fixing vulnerable conditions are the same ones who should be developing new business-enabling web application capabilities and features. As a result, the time spent fixing bugs equates to lost business opportunity. This can create a pretty strong tension between the security team and the development team, as the security team is focused on protecting the organization and the development team is focused on growing the business. It also makes it especially important to only fix bugs that really need to be fixed. Ideally, organizations avoid this problem by writing secure code to begin with, but this is sometimes easier said than done given the complexity of some applications, the inevitable variability in developer skills, and the evolution of threat capabilities.
Some important considerations that can help you triage the findings (we'll call the findings "deficiencies") that come out of many web application vulnerability scanners include:
• Is the web application Internet-facing? If it isn't, then the TEF should be considerably lower, unless an organization has a pretty unusual internal threat landscape.
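The triage idea above, worked through as an added example (not code from the book): scanner findings are ranked by FAIR-style expected annual loss rather than by scanner severity, with exposure driving the threat event frequency (TEF) estimate and an override for an unusually hostile internal landscape. All calibration figures, finding names and loss ranges are constructed for illustration; the three-point estimates are treated as triangular distributions, whose mean is (min + most likely + max) / 3.

```python
"""FAIR-style triage of web application scanner deficiencies (added illustration).

Calibration numbers, finding names and loss ranges are constructed, not from the book.
"""
from dataclasses import dataclass

# Three-point estimate (min, most likely, max), treated as a triangular distribution.
Estimate = tuple[float, float, float]


@dataclass(frozen=True)
class Deficiency:
    name: str
    internet_facing: bool
    scanner_severity: str       # "low" | "medium" | "high" | "critical"
    loss_magnitude: Estimate    # USD per loss event, calibrated by the analyst


# Threat event frequency (events/year) keyed by exposure. Internet-facing apps see far
# more attempts; the internal figure assumes an ordinary internal threat landscape.
DEFAULT_TEF: dict[bool, Estimate] = {True: (5, 20, 100), False: (0.05, 0.2, 1)}

# Scanner severity is used only as a rough proxy for the chance that an attempt
# succeeds (FAIR "vulnerability"); it is one input to risk, not the risk itself.
VULN_BY_SEVERITY = {"low": 0.05, "medium": 0.2, "high": 0.5, "critical": 0.8}


def tri_mean(est: Estimate) -> float:
    lo, ml, hi = est
    return (lo + ml + hi) / 3


def expected_annual_loss(d: Deficiency, tef_by_exposure=DEFAULT_TEF) -> float:
    """Loss event frequency (TEF x vulnerability) times expected loss per event."""
    tef = tri_mean(tef_by_exposure[d.internet_facing])
    lef = tef * VULN_BY_SEVERITY[d.scanner_severity]
    return lef * tri_mean(d.loss_magnitude)


def triage(findings, tef_by_exposure=DEFAULT_TEF) -> list[str]:
    """Return finding names ordered by expected annual loss, highest first."""
    ranked = sorted(findings, key=lambda d: expected_annual_loss(d, tef_by_exposure), reverse=True)
    return [d.name for d in ranked]


# Constructed scanner output: one "critical" on an internal app, two findings on public apps.
FINDINGS = [
    Deficiency("SQL injection in internal HR portal", False, "critical", (50_000, 200_000, 1_000_000)),
    Deficiency("Reflected XSS on customer login page", True, "medium", (10_000, 50_000, 300_000)),
    Deficiency("Directory listing on public marketing site", True, "low", (100, 1_000, 5_000)),
]

if __name__ == "__main__":
    print(triage(FINDINGS))
    # Unusually hostile internal landscape: give internal apps the Internet-facing TEF.
    hostile = {**DEFAULT_TEF, False: DEFAULT_TEF[True]}
    print(triage(FINDINGS, hostile))
```

With the default calibration the scanner's "critical" internal finding ranks below the "medium" Internet-facing one; applying the Internet-facing TEF to internal apps moves it back to the top.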