Difference between revisions of "Codereview-Deployment"

From OWASP
Jump to: navigation, search
(New page: === Secure application deployment === Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment. Having secure code but t...)
 
m (Review - spelling)
Line 2: Line 2:
  
 
Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment.
 
Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment.
Having secure code but the envronment upon which the code resides is a lost cause.  
+
Having secure code but the environment upon which the code resides is a lost cause.  
Accessing resources directly muct be controlled within the environment;
+
Accessing resources directly must be controlled within the environment;
  
 
Areas such as configuration files, directories, & resources which need authorisation need to be secured on the host such that direct access to such artifacts is disallowed.
 
Areas such as configuration files, directories, & resources which need authorisation need to be secured on the host such that direct access to such artifacts is disallowed.

Revision as of 15:43, 26 August 2008

Secure application deployment

Outside of the actual code to review one must examine if the deployment of a web application is within a secure environment. Having secure code but the environment upon which the code resides is a lost cause. Accessing resources directly must be controlled within the environment;

Areas such as configuration files, directories, & resources which need authorisation need to be secured on the host such that direct access to such artifacts is disallowed.