
Parsons Software Security Consulting Blog

Software Security Checklist


For the next few posts we will be going into detail on what a software security checklist needs to contain. This is the checklist that Parsons Software Security Consulting, LLC uses. I will first post a high-level overview of the checklist and then detail out each item.

  1. Where is the application? Where does it reside?
  2. Who uses the application? What is the use case scenario?
  3. Who are the attackers?
  4. What does the application do?
  5. What are the vulnerabilities in the application?
  6. Implement policies that are already being used (BSIMM).
  7. Use automated review for large applications.
  8. Create a secure coding checklist.
  9. AUDITING AND LOGGING
  10. COOKIES AND PASSWORDS
  11. TECHNOLOGIES THAT CANNOT BE USED
  12. ATTACKS ON SESSION
  13. WHAT COULD AN ATTACKER DO TO YOUR APPLICATION
  14. PASSWORD POLICIES
  15. GETS AND POSTS
  16. ACCESS CONTROL POLICIES
  17. VALIDATE ALL INPUT
  18. UPLOADS AND DOWNLOADS OF FILES
  19. PREVENT XSS
  20. PREVENT SQL INJECTION
  21. INFORMATION LEAKAGE
  22. APPLICATION DENIAL OF SERVICE
  23. DOCUMENT SECURITY
  24. CENTRALIZE SECURITY
  25. CODING RULES
  26. TESTING


Parsons Software Security Consulting, LLC

Matt Parsons, CISSP, MSM

mparsons [at] gmail.com


Written by mparsons1980

November 20, 2010 at 10:10 am

Posted in Uncategorized
