Wednesday, May 20, 2009

SearchFinancialSecurity: The need for financial Web application security

The current lead story on is my contribution Why financials must implement Web application security best practices.
This is a follow up piece, a summary if you will, on my Online Finance Flaws campaign, kindly solicited by TechTarget to drive home the point: Is there any one sector more than financial services who must take a stronger stance with regard to Web application security?
Answer: Not that I can think of.
Security hits to financial-services firms have far reaching impacts beyond individual victims, including economic implications that can contribute to global economic malaise.
This article offers examples of flaws noted in major financial-services websites, data from OWASP's Security Spending Benchmarks Project Report as well as best practices guidance derived from security development lifecycle (SDL) methodology.
I invite you to read the article at your earliest convenience.
As always, feedback is welcome. | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)

1 comment:

Rafal Los said...

Catching up on your articles from the comfort of my hospital room... another great post buddy.
ALL manner of financial institutions are the the high-value targets for today's hackers and evil-doers... given how much damage a financial crisis can inflict globally it continues to amaze me how the requirement for security is absolutely downplayed.

Oh well... money in a coffee can, anyone?

Moving blog to

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...