Google "STRIDE" and "DREAD" in terms of computer security;
http://wiki.okopipi.org/wiki/Security_concerns
-- c0redump
----- Original Message -----
From: huan chen
To: full-disclosure@lists.grok.org.uk
Sent: Friday, June 30, 2006 3:40 AM
Subject: [Full-disclosure] Fw: [WEB SECURITY] Application Security Program
forwarding to this list for opinion...
----- Original Message -----
From: "huan chen" <[EMAIL PROTECTED]>
To: "Web Security" <[EMAIL PROTECTED]>
Sent: Thursday, June 29, 2006 3:51 PM
Subject: [WEB SECURITY] Application Security Program
List,
We are trying to design a big picture information security program for out
organization. The goal is to concentrate on application security. Sub
tasks should include stuff like policy gap analysis, pen test balc box and
white box, etc. The goal is to do all the activities and measure progress
on an yearly basis/
Are thier any existing frameworks? Anything that has worked / not worked
for you guys?
Thanks
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
