Difference between revisions of "CISO AppSec Guide: References"

From OWASP
Jump to: navigation, search
m
m (Guidelines and Best Practices: Removed angle brackets)
 
(4 intermediate revisions by 2 users not shown)
Line 5: Line 5:
 
== Metrics and Benchmarking ==
 
== Metrics and Benchmarking ==
 
In order of report release date.
 
In order of report release date.
 +
 +
=== 2013 ===
 +
*  Verizon 2013 Data Breach Investigation Report: http://www.verizonenterprise.com/DBIR/2013/
 +
 +
* Security Innovation and the Ponemon Institute: The Current(2013) State of Application Security report:https://www.securityinnovation.com/security-lab/our-research/current-state-of-application-security.html
  
 
=== 2012 ===
 
=== 2012 ===
* Security Innovation and Poneman Institute's 2012 Application Security Gap Study: A Survey of IT Security & Developers: https://www.securityinnovation.com/uploads/Application%20Security%20Gap%20Report.pdf
+
* Security Innovation and Ponemon Institute's 2012 Application Security Gap Study: A Survey of IT Security & Developers: https://www.securityinnovation.com/uploads/Application%20Security%20Gap%20Report.pdf
  
 
=== 2011 ===
 
=== 2011 ===
Line 30: Line 35:
 
* PCI-DSS: https://www.pcisecuritystandards.org/security_standards/index.php  
 
* PCI-DSS: https://www.pcisecuritystandards.org/security_standards/index.php  
  
* OWASP Top Ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
+
* OWASP Application Security Verification Standard https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
  
 
== Guidelines and Best Practices ==  
 
== Guidelines and Best Practices ==  
 +
 +
* OWASP Top Ten: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  
 
* Supplement to Authentication in an Internet Banking Environment: http://www.fdic.gov/news/news/press/2011/pr11111a.pdf  
 
* Supplement to Authentication in an Internet Banking Environment: http://www.fdic.gov/news/news/press/2011/pr11111a.pdf  
  
* Feiman, Joseph. Teleconference on Application Security. 9 Oct. 2008. Gartner. 30 Sept. 2013 <http://www.gartner.com/it/content/760400/760421/ks_sd_oct.pdf>.
+
* Feiman, Joseph. Teleconference on Application Security. 9 Oct. 2008. Gartner. 30 Sept. 2013 http://www.gartner.com/it/content/760400/760421/ks_sd_oct.pdf
  
 
== Security Incidents and Data Breaches ==  
 
== Security Incidents and Data Breaches ==  
Line 75: Line 82:
 
* State of Application Security - Immature Practices Fuel Inefficiencies, But Positive ROI Is Attainable, Forrester Consulting, 2011 http://www.microsoft.com/downloads/en/details.aspx?FamilyID=813810f9-2a8e-4cbf-bd8f-1b0aca7af61d&amp;displaylang=en
 
* State of Application Security - Immature Practices Fuel Inefficiencies, But Positive ROI Is Attainable, Forrester Consulting, 2011 http://www.microsoft.com/downloads/en/details.aspx?FamilyID=813810f9-2a8e-4cbf-bd8f-1b0aca7af61d&amp;displaylang=en
  
== NEEDS CATEGORIES ==
+
* Dan E Geer Economics and Strategies of Data Security: http://www.amazon.com/Economics-Strategies-Data-Security-DANIEL/dp/B001LZM1BY
 
+
 
+
 
+
== DEAD LINKS ==
+
 
+
* Dan E Geer Economics and Strategies of Data Security: http://www.verdasys.com/thoughtleadership/  
+
(Use link to Amazon book page?)
+
 
+
  
 
[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]
 
[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

Latest revision as of 11:47, 6 November 2013

< Back to the Application Security Guide For CISOs

References

Metrics and Benchmarking

In order of report release date.

2013

2012

2011

2010

2009 and prior

Standards

Guidelines and Best Practices

Security Incidents and Data Breaches

Security Investments and Budgets

  • Gordon, L.A. and Loeb, M.P. “The economics of information security investment”, ACM Transactions on Information and Systems Security, Vol.5, No.4, pp.438-457, 2002.