Friday, October 7, 2011

Web Application Security: Business and Risk Considerations

ISACA has a White Paper on its website with the above title. The paper is an excellent resource for those interested in cloud risks and how to address them. That includes a lot of people!

One of the interesting parts of the paper is the table listing the various types of vulnerabilities encountered in the cloud. These include SQL Injection, Cross-Site Scripting and Insecure Direct Object Reference, among others. The paper goes on to list some areas of security to focus on, including some specific guidance on the old standbys of executive support, training and support.

The paper concludes with assurance considerations, including the use of COBIT to strengthen controls.

An excellent paper. You can download it through this link.
