Category: Information Security Standards
-
OWASP Cornucopia
OWASP Cornucopia is a mechanism in the form of a card game to assist software development teams in identifying security requirements in Agile, conventional and formal development processes. It is language, platform and technology agnostic.
Introduction: The idea behind Cornucopia is to help development teams, especially those using Agile methodologies, to identify application security requirements and…
-
SABSA Executive Summary
What is SABSA? SABSA is a proven methodology for developing business-driven, risk- and opportunity-focused Security Architectures at both enterprise and solution level that traceably support business objectives. It is also widely used for Information Assurance Architectures, Risk Management Frameworks, and to align and seamlessly integrate security and risk management into IT Architecture methods and…
-
Source Code Analysis Tools (SAST)
Contributor(s): Dave Wichers, itamarlavender, will-obrien, Eitan Worcel, Prabhu Subramanian, kingthorin, coadaflorin, hblankenship, GovorovViva64, pfhorman, GouveaHeitor, Clint Gibler, DSotnikov, Ajin Abraham, Noam Rathaus, Mike Jang
Source code analysis tools, also known as Static Application Security Testing (SAST) tools, can help analyze source code or compiled versions of code to help find security flaws. SAST tools can be added…
-
OWASP Proactive Controls
What is This? The OWASP Top Ten Proactive Controls describes the most important controls and control categories that every architect and developer should absolutely, 100% include in every project.
OWASP Top 10 Proactive Controls 2018: Software developers are the foundation of any application. In order to achieve secure software, developers must be supported and helped by the…
-
OWASP Top 10 Application Security Risks – 2017
A1:2017-Injection: Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2:2017-Broken Authentication: Application functions related to authentication and session management…
-
800-63 Digital Identity Guidelines
The four-volume SP 800-63 Digital Identity Guidelines document suite is available in both PDF format and online. PDF versions of the documents are available from:
Document: Title: URL
SP 800-63-3: Digital Identity Guidelines: https://doi.org/10.6028/NIST.SP.800-63-3
SP 800-63A: Enrollment and Identity Proofing: https://doi.org/10.6028/NIST.SP.800-63a
SP 800-63B: Authentication and Lifecycle Management: https://doi.org/10.6028/NIST.SP.800-63b
SP 800-63C: Federation and Assertions: https://doi.org/10.6028/NIST.SP.800-63c
Links to the…
-
OWASP Application Security Verification Standard (ASVS) v4.0
OWASP Application Security Verification Standard (ASVS) 4.0