Computer networks
cat_crash, 2011-08-12 21:39:03

Is there a standard that regulates the mandatory requirements for ensuring the security of web applications (sites)?

Good day.

Inspired by the latest events of MTBank and Beeline...
Due to my work, I am interested in security in the field of web development, incl. web sites. I searched for a long time for any standard or standardization for checking a site's security compliance. I know about ISO 27001, but de facto it does not protect sites much, and it is quite difficult to implement in small and medium-sized organizations.
OWASP: there is no standard as such; it is more a set of tools, information, and food for thought on the subject of vulnerabilities.

Ideally, what I would like to see: a document giving clear instructions on what should be done, and how, to ensure the security of the site (similar to ISO 27001 but more technical in terms of web technologies).


6 answer(s)
Andrew, 2011-08-14
@OLS

As they say, NIST has it all:
csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf

Andrey Shiryaev, 2011-08-12
@Claud

Maybe it's better to learn about the methods and how they are carried out, and then you can protect yourself from them. But for the security of servers, I remember there were such.

snowytoxa, 2011-08-13
@snowytoxa

Take the OWASP Development Guide, this is specifically about the web. As for the web environment (server, DBMS, other software), use any other more general standard.
If you are interested, look towards PCI DSS, it is clear that it is not about you at all, but there are interesting ideas there.

Vladimir Chernyshev, 2011-08-13
@VolCh

The FSTEC order "ON APPROVAL OF THE REGULATION ON METHODS AND WAYS TO PROTECT INFORMATION IN INFORMATION SYSTEMS OF PERSONAL DATA" may be useful:
ispdn.ru/law/5821/#text

Eskimo, 2011-08-15
@Eskimo

Somewhere while writing the course I saw a document ~ "guideline / manual on the technical part for state sites." You should search. Well, here is the Guide to Secure Web Services. Didn't read any more.

Abbas Gusenov, 2018-06-01
@gusenov

I was recently interested in the requirements of the NIST 800-95 (Guide to Secure Web Services) standard for securing web portals and made a couple of diagrams:
Maybe they will come in handy for someone else.
