Software Engineering, Project Management, and Effectiveness
The Web Application Security Frame is a set of categories you can use to scope security and improve your effectiveness. It consists of the following categories:
We created these categories during Improving Web Application Security to represent two things:
1. Where are the most common mistakes made
2. Where are the most actionable improvements
How do you use these to be more effective? You use these categories to focus and prioritize your security work. For example, if you know the most prevalent security issues occur in the input validation, authentication and authorization categories, you can start there.
You can immediately put the Web Application Security Frame into action. When you perform Security Design Inspections or Security Code Inspections, you can use the frame to walk through the categories of common security issues. To do so, see the following:
For more information on the Web Application Security Frame, see Cheat Sheet: Web Application Security Frame.