ethar turky
asked on
security checklist
Dear experts,
We are developing a huge and critical web site with JSP. Our customer is looking for a security checklist and measurement. Is there any web site (company) that helps to check our code security (running code) and provides a full report?
Also, to provide a checklist of any important points or security holes for us to check against our code...
Any help will be highly appreciated..
FYI: testing of websites is often referred to as "Tiger Attacks", "Tiger Team Attacks" or "White Hat Attacks", not just penetration testing.
Other aspects you should look at if your app is a critical one are:
Redundancy: server crash and failover
Firewall/DMZ: natch
DDOS attacks: Distributed Denial Of Service. Several bookmakers have been on record stating that they have had people blackmail them by threatening DDOS attacks. Make sure that you have plans to deal with this, including filtering. Here's a great account of one: http://www.grc.com/dos/drdos.htm
>>I am looking for a specific company, a company that someone recommended..
Sure, I understand, it's smart to get a recommendation especially if you're going to be showing them your system. You might want to tell people in what region you are based without being too specific, in that case.
Unfortunately, I can't recommend one as my company (a well known bank) has our own guys.
ASKER
I am looking for a specific company, a company that someone recommended..