Web Application Security Design Inspection Questions

From Guidance Share


- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan



Use security design inspection questions when performing high-level design inspections. The questions put you in the right state of mind when analyzing the code. They are organized into categories that are both actionable and likely to contain security issues. You can also divide your security inspection by category to support an iterative or incremental approach.

Deployment and Infrastructure Considerations

Auditing and Logging



Configuration Management


Exception Management

Input and Data Validation

Parameter Manipulation

Sensitive Data

Session Management

Related Items
