Blunder Dome Sighting

Professor von Clueless in the Blunder Dome


Tuesday, November 30, 2004

Criteria for Web Application Security

ACM News Service: Group Aims to Create Hallmark of Security.  2004-11-13: The Applications Security Consortium is an industry group that is focused on application firewalls for secure web applications.  A test program is being created, but what I find most important is the list of criteria, including:

  • detection and blocking of malicious executable commands
  • prevention of data insertion through illicit control of format and type
  • prevention of cookie tampering
  • protection of application fields from modification
  • protection of URL parameters

Although the group is focused on perimeter defenses and certification of firewalls, this strikes me as something that also requires design attention.

Matt Hines and Dawn Kawamoto write in the 2004-11-08 CNET News.com article that the program's launch happened at a Computer Security Institute (2014-04-24: now part of Blackhat) conference in the preceding week.

OK, OK, so now that takes care of the backlog for November.  Now I have the ancient ones to deal with, real soon now.

Update 2014-04-24: The Computer Security Institute has vanished from the Internet.  But Blackhat seems to carry on what became CSI online.  Thanks to Lisa @humanitycampaign.org for the broken-link notification.
 

 

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 14-04-24 17:51 $
$$Revision: 2 $