Web Application Security Design Inspection Questions

From Guidance Share

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Summary

Use security design inspection questions for performing high-level design inspections. Questions put you in the right state of mind when analyzing the code. The questions are organized by categories that are both actionable and tend to contain security issues. You can also chunk up your security inspection by the categories for iterative or incremental approaches.


Deployment and Infrastructure Considerations


Auditing and Logging


Authentication


Authorization


Configuration Management


Cryptography


Exception Management


Input and Data Validation


Parameter Manipulation


Sensitive Data


Session Management


Related Items