A Corporate Application Security Program
This is a really nice article in CSO magazine about setting up a corporate application security program.
Rather than regurgitating the usual party line -- code reviews, scans and application layer firewalls -- Mark Carney of Fishnet Security gives a high-level overview of a comprehensive program.
Yes, others have said that application security has to be integrated into the development lifecycle, like Microsoft's Security Development Lifecycle. But this article goes beyond that and is more comprehensive.