Other good requirements that are not generic enough to belong in the project itself, but that may be exactly what you are looking for in YOUR environment:
Infrastructure Tips and Requirements
- No internal hostnames or addresses will be published on internet-facing DNS servers
- Management interfaces will never be on internet-facing interfaces
- Egress-blocking will be strictly enforced in DMZs. Only necessary traffic will be permitted to be initiated outbound.
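The first infrastructure requirement above (no internal hostnames or addresses on internet-facing DNS) is easy to state and easy to violate by accident during a zone update. The following checker is an added example and is not code from the OWASP page: it audits a BIND-style zone export before it is pushed to external name servers, flagging A/AAAA records that point at RFC 1918, CGNAT, loopback or link-local space, and owner or target names that match an assumed set of internal naming patterns. The zone text is constructed sample data and the naming patterns are an assumption to be tuned to your own conventions.

```python
"""Audit an internet-facing DNS zone export for internal hostnames and addresses.

Added example (not from the OWASP page). The sample zone below is constructed
data and INTERNAL_NAME_PATTERNS is an assumption; adjust to your environment.
"""
import ipaddress
import re

# Constructed sample zone export. 203.0.113.0/24 stands in for public space.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@            IN  SOA   ns1.example.com. hostmaster.example.com. (2024010101 3600 900 604800 300)
@            IN  NS    ns1.example.com.
www          IN  A     203.0.113.10
ns1          IN  A     203.0.113.2
mail         IN  A     203.0.113.25
; the records below should never reach an external zone
db01.corp    IN  A     10.20.30.40
fileserver   IN  A     192.168.1.5
mgmt-sw01    IN  A     203.0.113.250
intranet     IN  CNAME portal.internal.example.com.
"""

# Address ranges that have no business in public DNS (explicit list rather than
# ipaddress.is_private, which also covers documentation ranges such as 203.0.113.0/24).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # CGNAT, RFC 6598
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this" net
    "fc00::/7", "fe80::/10", "::1/128", "::/128",      # IPv6 ULA, link-local, loopback
)]

# Assumed internal naming hints (hypothetical; tune to your naming convention).
INTERNAL_NAME_PATTERNS = [
    r"(^|\.)corp($|\.)",
    r"(^|\.)internal($|\.)",
    r"^(db|sql|ldap|dc|mgmt|ipmi|ilo|idrac)[0-9]*(-|\.|$)",
    r"(^|-)intranet",
]

# owner [ttl] [IN] type value  (only the record types this audit cares about)
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|CNAME|NS|MX|PTR)\s+(\S+)")


def is_internal_address(value):
    """True if value parses as an IP that falls in one of INTERNAL_NETWORKS."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    # Membership test returns False across IPv4/IPv6 versions, so no version check needed.
    return any(addr in net for net in INTERNAL_NETWORKS)


def looks_internal_name(name):
    """True if a DNS name matches one of the assumed internal naming patterns."""
    return any(re.search(p, name.lower()) for p in INTERNAL_NAME_PATTERNS)


def audit_zone(zone_text):
    """Return (owner, rtype, value, reason) findings for every suspicious record."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop zone-file comments
        if not line or line.startswith("$"):       # skip blank lines and $ORIGIN/$TTL
            continue
        m = RECORD_RE.match(line)
        if not m:                                  # SOA and other types are ignored
            continue
        owner, rtype, value = m.groups()
        if rtype in ("A", "AAAA") and is_internal_address(value):
            findings.append((owner, rtype, value, "private/non-routable address"))
        if looks_internal_name(owner):
            findings.append((owner, rtype, value, "owner name looks internal"))
        if rtype in ("CNAME", "NS", "MX", "PTR") and looks_internal_name(value):
            findings.append((owner, rtype, value, "target name looks internal"))
    return findings


if __name__ == "__main__":
    for owner, rtype, value, reason in audit_zone(SAMPLE_ZONE):
        print(f"{owner:12} {rtype:6} {value:32} {reason}")
```

Run it against a `dig AXFR` or `named-checkzone -D` dump in a pre-publish pipeline step and fail the change when the findings list is non-empty. The mgmt-sw01 hit is worth noting: it carries a public address, so only the naming check catches it, which is exactly the case the second requirement (no management interfaces on internet-facing interfaces) is meant to cover; a pattern list is a heuristic, so maintain it alongside the naming standard it encodes.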
OS and Webserver Tips and Requirements
- All Windows systems will be members of a dedicated DMZ domain/forest
- ModSecurity will be running with a basic ruleset
iPhone Tips and Requirements
- I have no idea but there's probably SOMETHING
- Maybe "checks for jailbreak and won't install"
Language Tips and Requirements
- Will adhere to ESAPI guidelines, standards, and code to the maximum extent possible.
- Will adhere to .Net ESAPI guidelines, standards, and code to the maximum extent possible.
- <sarcasm>Shall be discarded in favor of dang near anything else</sarcasm>