[WEB SECURITY] NIST Guide
Danny Allan
dannya at watchfire.com
Mon Aug 29 14:37:17 EDT 2005

Is anyone else out there surprised that the NIST Guide for Assessing the
Security Controls in Federal Information Systems does not contain any
mention of web application security?

http://csrc.nist.gov/publications/drafts/sp800-53A-ipd.pdf

Given that this is a 150-page document detailing controls from the
network to viruses, one would think this would be of higher priority for
the government. This is even more true after seeing the Payment Card
Industry include this as part of the Security Standard guideline.

Perhaps having readily available information such as the WASC Statistics
project would only elevate the criticality of including web application
security in guidelines like this.

Thoughts?

Danny Allan
Strategic Research Engineer
Watchfire Corporation

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/