Difference between revisions of "CISO AppSec Guide: References"

From OWASP
Jump to: navigation, search
m (References: OTT moved to guidelines, and ASVS added into Standards)
Line 35: Line 35:
 
* PCI-DSS: https://www.pcisecuritystandards.org/security_standards/index.php  
 
* PCI-DSS: https://www.pcisecuritystandards.org/security_standards/index.php  
  
* OWASP Top Ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
+
* OWASP Application Security Verification Standard https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
  
 
== Guidelines and Best Practices ==  
 
== Guidelines and Best Practices ==  
 +
 +
* OWASP Top Ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  
 
* Supplement to Authentication in an Internet Banking Environment: http://www.fdic.gov/news/news/press/2011/pr11111a.pdf  
 
* Supplement to Authentication in an Internet Banking Environment: http://www.fdic.gov/news/news/press/2011/pr11111a.pdf  

Revision as of 11:46, 6 November 2013

< Back to the Application Security Guide For CISOs

References

Metrics and Benchmarking

In order of report release date.

2013

2012

2011

2010

2009 and prior

Standards

Guidelines and Best Practices

Security Incidents and Data Breaches

Security Investments and Budgets

  • Gordon, L.A. and Loeb, M.P. “The economics of information security investment”, ACM Transactions on Information and Systems Security, Vol.5, No.4, pp.438-457, 2002.