Difference between revisions of "Security Auditor"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
Line 1: Line 1:
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
  
Line 51: Line 9:
 
Rarely is being a project security auditor a full time job. Often, developers with a particular interest or skill in security perform auditing. Sometimes, organizations have an audit organization focused on other regulatory compliance, and these people will perform security review.
 
Rarely is being a project security auditor a full time job. Often, developers with a particular interest or skill in security perform auditing. Sometimes, organizations have an audit organization focused on other regulatory compliance, and these people will perform security review.
  
It is usually better to avoid reviewing one’s own designs or one’s own code since it can be difficult to see the forest for the trees.
+
It is usually better to avoid reviewing one’s own designs or one’s own code since it can be difficult to see the forest for the trees.
  
 
[[Category:Role]]
 
[[Category:Role]]
 
[[Category:CLASP Role]]
 
[[Category:CLASP Role]]
 
[[Category:OWASP CLASP Project]]
 
[[Category:OWASP CLASP Project]]

Revision as of 11:00, 27 May 2009


Role Description

The basic role of a security auditor is to examine the current state of a project and try to assure the security of the current state of the project:

  • When examining requirements, the auditor will attempt to determine whether the requirements are adequate and complete.
  • When looking at a design, the auditor will generally attempt to determine whether there are any implications that could lead to vulnerabilities.
  • In addition, when looking at an implementation, the auditor will generally attempt to find overt security problems, which should be mappable to deviations from a specification.

Rarely is being a project security auditor a full-time job. Often, developers with a particular interest or skill in security perform auditing. Sometimes, organizations have an audit organization focused on other regulatory compliance, and these people will perform security review.

It is usually better to avoid reviewing one’s own designs or one’s own code since it can be difficult to see the forest for the trees.