欢迎来到starnight_cyber的博客

[译]The Complete Application Security Checklist

  本文译自:The Complete Application Security Checklist

完整的应用程序安全检查表

11个最佳做法,最大限度地降低风险并保护您的数据

Address the No. 1 attack vector—your applications.

解决你的应用程序的第一个攻击向量。

Best practice 1: Eliminate vulnerabilities before applications go into production.
Best practice 2: Address security in architecture, design, and open source and third-party components.
Best practice 3: Adopt security tools that integrate into the developer’s environment.
  • 最佳实践1:在应用程序投入生产之前消除漏洞。
  • 最佳实践2:解决体系结构、设计、开源和第三方组件中的安全问题。
  • 最佳实践3:采用集成到开发人员环境中的安全工具。

Put the right tools in place.

把对的工具放在对的位置。

Best practice 4: Build an “AppSec toolbelt” that brings together the solutions needed to address your risks.
Best practice 5: Analyze your application security risk profile so you can focus your efforts.
  • 最佳实践4:构建一个“AppSec工具带”,将解决风险所需的解决方案集合在一起。
  • 最佳实践5:分析应用程序安全风险状况,以便集中精力。

Ensure your team has sufficient skills and resources.

确保你的团队有足够的技能和资源。

Best practice 6: Develop a program to raise the level of AppSec competency in your organization.
Best practice 7: Provide your staff with sufficient training in AppSec risks and skills.
Best practice 8: Augment internal staff to address skill and resource gaps.
  • 最佳实践6:制定一个计划来提高您组织中AppSec的能力水平。
  • 最佳实践7:为您的员工提供AppSec风险和技能方面的充分培训。
  • 最佳做法8:增加内部工作人员以解决技能和资源缺口。

Address changing AppSec risks when moving to the cloud.

移动到云时,地址更改AppSec的风险。

Best practice 9: Make sure you understand your cloud security provider’s risks and controls.
Best practice 10: Develop a structured plan to coordinate security initiative improvements with cloud migration.
Best practice 11: Establish security blueprints outlining cloud security best practices.
  • 最佳实践9:确保您了解云安全提供商的风险和控制。
  • 最佳实践10:制定一个结构化计划,以协调安全计划改进与云迁移。
  • 最佳实践11:建立概述云安全最佳实践的安全蓝图。
posted @ 2020-01-09 19:00  starnight_cyber  阅读(...)  评论(...编辑  收藏