Куда я попал?
OWASP Building Security In Maturity Model
Framework
AA1.1: 99
Для проведения оценки соответствия по документу войдите в систему.
Список требований
-
[AA1.1: 99] PERFORM SECURITY FEATURE REVIEW.
Security-aware reviewers identify application security features, review these features against application security requirements and runtime parameters, and determine if each feature can adequately perform its intended function—usually collectively referred to as threat modeling. The goal is to quickly identify missing security features and requirements, or bad deployment configuration (authentication, access control, use of cryptography, etc.), and address them. For example, threat modeling would identify both a system that was subject to escalation of privilege attacks because of broken access control as well as a mobile application that incorrectly puts PII in local storage. Use of the firm’s secureby-design components often streamlines this process (see [SFD2.1]). Many modern applications are no longer simply “3-tier” but instead involve components architected to interact across a variety of tiers—browser/endpoint, embedded, web, microservices, orchestration engines, deployment pipelines, third-party SaaS, etc. Some of these environments might provide robust security feature sets, whereas others might have key capability gaps that require careful analysis, so organizations should consider the applicability and correct use of security features across all tiers that constitute the architecture and operational environment.
Название | Severity | IP | Integral | |
---|---|---|---|---|
1111111 111 11 1111 11111111111111111 1111111 1 11111111111111111 |
-
|
1 |
-
|
|
11 111111111 111 1111111111111111111111111 1111 1 11111 1111111 |
-
|
1 |
-
|
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.