New WebInspect Compliance Templates

We've recently added three new compliance templates to our suite of products. Simply run SmartUpdate to download and install the new templates. A description of each follows:

  • DoD Application Security and Development STIG V3 R2: This compliance template will report on all applicable web application components of the Application Security and Development Security Technical Implementation Guide (STIG) Version 3, Release 1. The STIG provides security guidance for use throughout the application development lifecycle. Defense Information Systems Agency (DISA) encourages sites to use these guidelines as early as possible in the application development process.

 

  • SANS CWE Top 25: The 2010 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all. This compliance template will report on all applicable web application components of this list.

 

  • WASC: This compliance template is based on the Web Application Security Consortium threat classes. The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. What's great about this compliance template is that when used in conjunction with the All Checks policy, you can generate a compliance report that includes each vulnerability check contained in SecureBase.

Comments
Don Jarmon (anon) | 03-22-2012 01:40 PM

DoD Application Security and Development STIG V3 R2: This compliance template will report on all applicable web application components of the Application Security and Development Security Technical Implementation Guide (STIG) Version 3, Release 1. The STIG provides security guidance for use throughout the application development lifecycle. Defense Information Systems Agency (DISA) encourages sites to use these guidelines as early as possible in the application development process.

 

The current DoD Application Security and Development STIG is Version 3, Release 4. Is there an updated compliance template available?

Thanks

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation