Secure Web-Application

In the course of procuring Web applications, substantial security holes became evident (recognized by examinations/IT security checks). The Web applications are ordered by the company from different suppliers, who carry out the software development. In the course of commissioning, however, there is no further specification of the IT security requirements beyond an implicit approach of "it just must be safe". These facts cause the following problems:

+ The level of IT security is not defined and depends on the provider.
+ The vulnerabilities found by security checks cannot be regarded as defects, since no specification is available.
+ The repair of vulnerabilities depends on the goodwill of the providers.
+ If client data is processed on this website, data protection is not guaranteed.

1 answer

Secure Web-Application

Initial research showed that there are several standards for software development (e.g. IEEE 730, 829, 830, …), particularly with an emphasis on quality management. In addition, there are guidelines for IT security (ISO 27001) and the BSI standard. At the center of these regulations is the demand to preserve security, but rarely a hint of the operational way to achieve it.
Only A7700, "requirements in terms of safety at Web applications", contains a practice-oriented approach and complete coverage of the safety requirements for Web applications.
On the basis of A7700, an assignment guideline was developed that takes the internal requirements into account (architecture, databases used, …) and must be included with every procurement of a Web application.
Link: ÖNORM A 7700 (http://www.a7700.org/)
