Working board - Application Security space in a nutshell (repost)
c********t
Posts: 4527
1
[The following text is reposted from the JobHunting board]
From: choosewhat (luck carries the first half of life, character the second), Board: JobHunting
Title: Application Security space in a nutshell
Site: BBS 未名空间站 (Mon Dec 10 16:18:35 2012, US Eastern)
Simply from Wiki:
Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.
The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) update on the latest threats which impair web-based applications. This aids developers, security testers and architects to focus on better design and mitigation strategy. The OWASP Top 10 has become an industrial norm in assessing web applications.
What information can we get from the description?
1. One part of application security is security (policy) manageability, generally Authentication, Authorization and Audit (AAA). In modern applications (the web and enterprise arena) it is called Identity and Access Management, and it has further extended to Provisioning, Identity Federation and Risk Governance.
This is a mature industry. However, it is going through a second spring due to SaaS.

2. Another part of application security is system vulnerability. It involves skills/techniques to analyse system threats and prevent attacks and exploits at the application level. This never matured as an industry. It is more like hackers vs anti-hackers, tools, best practices, etc. Of course there are a few good startups coming out of it very well (vulnerability scanning tools). Almost every big company or site has a small group of people called security research scientists; they are responsible for the application security design and vulnerability mitigation.
3. How to get into the industry?
Follow: the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC).
Find a job in the industry (there is a ton of hiring due to the second spring in IAM SaaS (Security as a Service)). I don't think the bar is high for entering the space.
Get some knowledge and skills in the security standards, communities and open source projects, like SAML, OpenID, OAuth, etc.
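As an added illustration of the AAA split mentioned in point 1 (this is example code written for this archive, not part of the original post or of any product it names): the three concerns are kept in separate functions so that a request is first authenticated, then authorized against a deny-by-default role table, and every decision, allowed or denied, lands in an audit log. The user store, roles and request values are constructed inline and are assumptions for the example.

```python
"""Minimal authentication / authorization / audit (AAA) gate.

Added example, not from the original post. Users, roles and the
audit log are constructed inline; a real system would back them
with a directory, database or IdP.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# --- Authentication: salted password hashing with PBKDF2-HMAC-SHA256 ---

PBKDF2_ROUNDS = 100_000  # cost factor; tune for the deployment's hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn if none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


# Constructed user store (assumption for the example): username -> (salt, digest, role)
_USERS: dict[str, tuple[bytes, bytes, str]] = {}
for _name, _pw, _role in [("alice", "correct horse", "admin"),
                          ("bob", "battery staple", "viewer")]:
    _salt, _dig = hash_password(_pw)
    _USERS[_name] = (_salt, _dig, _role)

# --- Authorization: role -> permitted actions, deny by default ---
_ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "viewer": {"read"},
}


def is_authorized(role: str, action: str) -> bool:
    """An unknown role or an unlisted action is denied."""
    return action in _ROLE_PERMISSIONS.get(role, set())


# --- Audit: append-only record of every decision, allowed or denied ---
AUDIT_LOG: list[dict] = []


def _audit(user: str, action: str, outcome: str, reason: str) -> None:
    AUDIT_LOG.append({"ts": time.time(), "user": user, "action": action,
                      "outcome": outcome, "reason": reason})


def handle_request(user: str, password: str, action: str) -> bool:
    """Run the three A's in order; return True only if the action is allowed."""
    record = _USERS.get(user)
    if record is None or not verify_password(password, record[0], record[1]):
        # Same reason for unknown user and wrong password: no user enumeration.
        _audit(user, action, "denied", "authentication failed")
        return False
    role = record[2]
    if not is_authorized(role, action):
        _audit(user, action, "denied", f"role {role} lacks {action}")
        return False
    _audit(user, action, "allowed", f"role {role}")
    return True


if __name__ == "__main__":
    handle_request("alice", "correct horse", "delete")
    handle_request("bob", "battery staple", "delete")
    for entry in AUDIT_LOG:
        print(entry["user"], entry["action"], entry["outcome"], entry["reason"])
```

The ordering matters for the audit trail: a denied authentication is logged before any role lookup happens, so the log distinguishes "who are you" failures from "you may not do that" failures without ever revealing to the caller whether the username existed.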
