Boston board - Application Security space in a nutshell (repost)
Posted by c********t (post count: 4527)
[The following text is reposted from the JobHunting board]
From: choosewhat (first half of life by luck, second half by character), Board: JobHunting
Subject: Application Security space in a nutshell
Site: BBS 未名空间站 (Mon Dec 10 16:18:35 2012, US Eastern)
Simply from Wiki:
Application security encompasses measures taken throughout the application's
life-cycle to prevent exceptions in the security policy of an application
or the underlying system (vulnerabilities) through flaws in the design,
development, deployment, upgrade, or maintenance of the application.
Applications only control the use of resources granted to them, and not
which resources are granted to them. They, in turn, determine the use of
these resources by users of the application through application security.
The Open Web Application Security Project (OWASP) and the Web Application Security
Consortium (WASC) provide updates on the latest threats which impair web-based
applications. This aids developers, security testers and architects to focus
on better design and mitigation strategy. The OWASP Top 10 has become an
industry norm in assessing web applications.
What information can we get from the description?
1. One part of application security is security (policy) manageability,
generally Authentication, Authorization and Audit (AAA). In the modern
application (web, enterprise) arena, it is called Identity and Access
Management, which further extends to Provisioning, Identity Federation and Risk
Governance.
This is a mature industry. However, it is going through a second spring
due to SAAS.

2. Another part of application security is system vulnerability. It involves the
skills/techniques to analyse system threats and prevent attacks and exploits
at the application level. This never matured as an industry. It is more like
hackers vs. anti-hackers, tools, best practices, etc. Of course there are a
few very good startups coming out of it (vulnerability scanning
tools). Almost every big company or site has a small group of people called
security research scientists; they are responsible for application
security design and vulnerability mitigation.
3. How to get into the industry?
Follow: the Open Web Application Security Project (OWASP) and the Web
Application Security Consortium (WASC).
Find a job in the industry (there is a ton of hiring due to the second
spring in IAM SAAS (Security as a service)). I don't think the bar is
high for entering the space.
Get some knowledge/skills in the security standards, communities and
open source projects, like SAML, OpenID, OAuth, etc.