Difference between revisions of "Web Site Security"

From MgmtWiki
Jump to: navigation, search
(Full Name an meaning)
Line 1: Line 1:
 
==Full Name and Context==
 
==Full Name and Context==
Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
+
For most of humanity their computer is first and foremost a communications device talking to a collection of [[Web Site]]s who must be trusted by the user for
  
==Organizational Support==
+
==Context==
 +
* The day when a personal computer was for running application for the user is long gone, never to return.
 +
* Today a personal computer depends on cloud based service for nearly all of its functionality.
 +
* Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
 +
* This page will only consider the use of a trusted [[User Agent]], typically a web browser from a well-known and trusted vendor.
 +
* For the case of the user allowing a [[Native App] to be installed on their personal device, see the page [[Native App Security]].
 +
==Problems==
 +
==Solutions==
 +
* The [[Web Site]] exposes its name in a manner that allows the user to make a meaningful trust decision.
 +
==References==
 +
===Organizational Support===
 
# [https://www.owasp.org/index.php/Main_Page The Open Web Application Security Project (OWASP)] is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
 
# [https://www.owasp.org/index.php/Main_Page The Open Web Application Security Project (OWASP)] is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
 
# [https://www.nationalisacs.org/ ISAC]s are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.
 
# [https://www.nationalisacs.org/ ISAC]s are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.

Revision as of 09:49, 16 July 2018

Full Name and Context

For most of humanity their computer is first and foremost a communications device talking to a collection of Web Sites who must be trusted by the user for

Context

  • The day when a personal computer was for running application for the user is long gone, never to return.
  • Today a personal computer depends on cloud based service for nearly all of its functionality.
  • Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
  • This page will only consider the use of a trusted User Agent, typically a web browser from a well-known and trusted vendor.
  • For the case of the user allowing a [[Native App] to be installed on their personal device, see the page Native App Security.

Problems

Solutions

  • The Web Site exposes its name in a manner that allows the user to make a meaningful trust decision.

References

Organizational Support

  1. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
  2. ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.