JobHunting board - Application Security space in a nutshell
c********t
Posts: 4527
1
Simply from Wiki:
Application security encompasses measures taken throughout the application's
life cycle to prevent exceptions in the security policy of an application
or the underlying system (vulnerabilities) through flaws in the design,
development, deployment, upgrade, or maintenance of the application.
Applications only control the use of resources granted to them, and not
which resources are granted to them. They, in turn, determine the use of
these resources by users of the application through application security.
The Open Web Application Security Project (OWASP) and the Web Application
Security Consortium (WASC) publish updates on the latest threats that impair
web-based applications. This helps developers, security testers and
architects focus on better design and mitigation strategies. The OWASP Top 10
has become an industry norm for assessing web applications.
What information can we get from this description?
1. One part of application security is security (policy) manageability,
generally Authentication, Authorization and Audit (AAA). In modern
applications (the web and enterprise arena), this is called Identity and
Access Management (IAM), further extended to Provisioning, Identity
Federation and Risk Governance.
This is a mature industry. However, it is going through a second spring
due to SAAS.

2. Another part of application security is system vulnerability. It involves
the skills and techniques to analyze system threats and to prevent attacks
and exploits at the application level. This never matured as an industry. It
is more like hackers vs. anti-hackers, tools, best practices, etc. Of course
there are a few good startups coming out of it (vulnerability scanning
tools). Almost every big company or site has a small group of people called
security research scientists; they are responsible for the application
security design and vulnerability mitigation.
3. How to get into the industry?
Follow the Open Web Application Security Project (OWASP) and the Web
Application Security Consortium (WASC).
Find a job in the industry (there are tons of hirings due to the second
spring in IAM SAAS (Security as a service)). I don't think the bar is high
for entering the space.
Get some knowledge and skills in the security standards, communities and
open source projects, like SAML, OpenID, OAuth, etc.
