SpoC 007 - Best Practices & Countermeasures
AoC Candidate: Jim
Project coordinator: TBA
Project Progress: 0% Complete, Progress Page
Jim - Best Practices & Countermeasures
I have been running the Buffalo, NY OWASP chapter since 2004. I have been President of ISACA WNY since 2005. I have delivered presentations at Buffalo ISSA, Rochester ISSA, ISACA WNY, and Buffalo OWASP meetings on the topic of Web Application Security.
The Best Practices & Countermeasures project will outline best practices that should be followed to address/prevent known web application security issues. The best practices will be divided into related sections. For instance, there will be an "Authentication" section with best practices such as the following:
1) Require strong passwords
2) For sensitive sites, require two-factor authentication
3) For intranet sites, tie authentication into an existing authentication directory server, such as LDAP
4) Implement account lock-out after 5 failed login attempts
5) Add a log entry and/or an alert to IDS operators after 5 failed login attempts
6) etc.
Each best practice could also have links to language-specific code constructs that show how to implement each best practice.
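As an added illustration of such a code construct (not part of the original proposal or of any OWASP project code), the following Python sketch combines items 4 and 5: it locks an account after 5 consecutive failed logins and writes a log entry when it does. The class name, logger name, in-memory storage and 15-minute lock duration are assumptions; the proposal specifies only the threshold of 5.

```python
import logging
import time

MAX_FAILED_ATTEMPTS = 5      # threshold taken from the best-practice list
LOCKOUT_SECONDS = 15 * 60    # assumption: the proposal gives no lock duration

log = logging.getLogger("auth.lockout")  # hypothetical logger name


class LockoutTracker:
    """Counts consecutive failed logins per account and locks at the threshold."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._failures = {}          # username -> consecutive failed attempts
        self._locked_until = {}      # username -> clock value when lock expires

    def is_locked(self, username):
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock has expired: clear state so the user starts from zero.
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def record_failure(self, username, source_ip):
        """Register a failed login; return True if the account is now locked."""
        if self.is_locked(username):
            return True
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            # %r escapes control characters, so a crafted username cannot
            # forge extra lines in the log that IDS operators read.
            log.warning("account locked: user=%r ip=%s failures=%d",
                        username, source_ip, count)
            return True
        return False

    def record_success(self, username):
        """A successful login resets the consecutive-failure counter."""
        self._failures.pop(username, None)
```

A login handler would call `is_locked` before verifying the password, so that a locked account is rejected even when the correct password is supplied.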
It is my hope that this project can be used not only by developers, but also by IT auditors and security professionals during audits & assessments.
Why I should be sponsored for the project
I have 15 years of experience in IT, with 10 years of experience in IT Security. I have a bachelor's degree in Computer Science and professional experience as a programmer/developer.