10/9/2007, Enterprise Systems
Summary
Managing the tension between the accessibility and availability of a corporate website or blog and its security remains a moving target, and some industry groups are calling for a fundamental paradigm shift. For example, the Open Web Application Security Project (OWASP) Foundation offers standards, documentation, and tools to help organizations better understand the risk presented by their Web applications. OWASP’s chief evangelist, Dinis Cruz, who is also a security consultant for the software risk analysis company Ounce Labs, thinks that security auditing of software and applications is easier and more productive if programmers isolate their I/O into one place or module in their code, in effect sandboxing the 99 percent of the code that does not need to be exposed. Beyond raising awareness of application security and database protection, Cruz urges large companies to adopt this in-the-sandbox thinking to improve the security design of their web applications.
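To make the "isolate I/O into one module" idea concrete, here is an added example that is not from the article, from OWASP or from Ounce Labs. It sketches a small transfer handler in which exactly one function (`parse_transfer`) touches raw request strings and converts them into a typed, validated value; the business logic (`apply_transfer`) only ever sees that typed value. All names, the account-id format and the sample requests are constructed for illustration.

```python
"""
Added example (not the article's or OWASP's code): one I/O boundary module,
everything else works on validated, typed values only.
All names, formats and sample data below are hypothetical.
"""
from dataclasses import dataclass
import re
from typing import Mapping

# ---------- The one place that touches raw, untrusted input ----------
# Only this section needs review for input handling; no other function in
# the program ever receives a raw string from the request.

ACCOUNT_RE = re.compile(r"[A-Z]{2}[0-9]{8}")          # constructed account-id format
AMOUNT_RE = re.compile(r"[0-9]+(\.[0-9]{2})?")        # decimal with optional cents
MAX_CENTS = 100_000_000                               # constructed upper limit


class BoundaryError(ValueError):
    """Raised when untrusted input fails validation at the boundary."""


@dataclass(frozen=True)
class TransferRequest:
    """Typed, already-validated value object handed to the core logic."""
    source: str
    dest: str
    cents: int


def parse_transfer(form: Mapping[str, str]) -> TransferRequest:
    """Validate and convert a raw form mapping into a TransferRequest.

    This is the only function allowed to handle the request's raw strings.
    """
    try:
        src, dst, amount = form["source"], form["dest"], form["amount"]
    except KeyError as e:
        raise BoundaryError(f"missing field {e.args[0]}") from None
    for name, val in (("source", src), ("dest", dst)):
        if not ACCOUNT_RE.fullmatch(val):
            raise BoundaryError(f"{name}: bad account id")
    if not AMOUNT_RE.fullmatch(amount):
        raise BoundaryError("amount: not a decimal amount")
    whole, _, frac = amount.partition(".")
    cents = int(whole) * 100 + (int(frac) if frac else 0)
    if cents <= 0 or cents > MAX_CENTS:
        raise BoundaryError("amount: out of range")
    return TransferRequest(src, dst, cents)


# ---------- Core logic: never sees raw input, only typed values ----------

def apply_transfer(balances: dict, req: TransferRequest) -> dict:
    """Pure business logic over validated values; no parsing, no I/O."""
    if balances.get(req.source, 0) < req.cents:
        raise ValueError("insufficient funds")
    updated = dict(balances)
    updated[req.source] -= req.cents
    updated[req.dest] = updated.get(req.dest, 0) + req.cents
    return updated


def handle(form: Mapping[str, str], balances: dict):
    """Entry point: boundary first, then core. Returns (status, balances)."""
    try:
        req = parse_transfer(form)
    except BoundaryError as e:
        return ("rejected: " + str(e), balances)
    try:
        return ("ok", apply_transfer(balances, req))
    except ValueError as e:
        return ("rejected: " + str(e), balances)


# Constructed sample requests (not real data)
GOOD = {"source": "GB12345678", "dest": "GB87654321", "amount": "12.50"}
BAD = {"source": "not-an-account", "dest": "GB87654321", "amount": "1"}

if __name__ == "__main__":
    print(handle(GOOD, {"GB12345678": 2000}))
    print(handle(BAD, {"GB12345678": 2000}))
```

The point of the split is audit scope: a reviewer checking input handling reads `parse_transfer` and the two regular expressions, and can treat `apply_transfer` as sandboxed from untrusted data because its type signature admits only a `TransferRequest` that the boundary has already produced.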
Read the full article at Enterprise Systems.