Difference between revisions of "Web Site Security"
From MgmtWiki
(→Full Name an meaning) |
|||
Line 1: | Line 1: | ||
==Full Name and Context== | ==Full Name and Context== | ||
− | Web Site | + | For most of humanity their computer is first and foremost a communications device talking to a collection of [[Web Site]]s who must be trusted by the user for |
− | ==Organizational Support== | + | ==Context== |
+ | * The day when a personal computer was for running application for the user is long gone, never to return. | ||
+ | * Today a personal computer depends on cloud based service for nearly all of its functionality. | ||
+ | * Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow. | ||
+ | * This page will only consider the use of a trusted [[User Agent]], typically a web browser from a well-known and trusted vendor. | ||
+ | * For the case of the user allowing a [[Native App] to be installed on their personal device, see the page [[Native App Security]]. | ||
+ | ==Problems== | ||
+ | ==Solutions== | ||
+ | * The [[Web Site]] exposes its name in a manner that allows the user to make a meaningful trust decision. | ||
+ | ==References== | ||
+ | ===Organizational Support=== | ||
# [https://www.owasp.org/index.php/Main_Page The Open Web Application Security Project (OWASP)] is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software. | # [https://www.owasp.org/index.php/Main_Page The Open Web Application Security Project (OWASP)] is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software. | ||
# [https://www.nationalisacs.org/ ISAC]s are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators. | # [https://www.nationalisacs.org/ ISAC]s are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators. |
Revision as of 10:49, 16 July 2018
Contents
Full Name and Context
For most of humanity their computer is first and foremost a communications device talking to a collection of Web Sites who must be trusted by the user for
Context
- The day when a personal computer was for running application for the user is long gone, never to return.
- Today a personal computer depends on cloud based service for nearly all of its functionality.
- Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
- This page will only consider the use of a trusted User Agent, typically a web browser from a well-known and trusted vendor.
- For the case of the user allowing a [[Native App] to be installed on their personal device, see the page Native App Security.
Problems
Solutions
- The Web Site exposes its name in a manner that allows the user to make a meaningful trust decision.
References
Organizational Support
- The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
- ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.