Collaborate Disseminate
The product owner is responsible for the functional requirements, but who is responsible for the security requirements? Security requirements are thought of as nonfunctional requirements but is this always the case? Would the responsibil… Continue reading Who is responsible for a project’s security requirements?
In the OWASP Mobile Application Security Checklist there is a requirement called MSTG-ARCH-3 which describes:
"A high-level architecture for the mobile app and all connected remote
services has been defined and security has been addr… Continue reading MSTG-ARCH-3 What means?
We are looking to provide our Devs and Ops with minimal security baseline requirements – reference materials that they should follow during coding/implementation/etc.
Maybe requirements based on NIST 800-53 – but NIST is too cumbersome – d… Continue reading any security baseline reference we can use? paid or free
For example, a password consisting only of lower-case characters [a-z], but a length of 10 (26^10), will always be better than all characters, but a length of 7 (95^7).
That is, how much is it correct to take into account only the number o… Continue reading How much does the strength of the password depend on the variety of characters?
Are there any defined approaches that help you identify security requirements given that you have a specific decription of a system design? After a little research, I found OWASP Application Security Verification Standard. I am sure that t… Continue reading Are there any defined approaches to identify security requirements of a system? [closed]
I have been spending some months learning about ethical hacking, I am struggling with my old laptop and I understand that if I want to move forward in this world I have to upgrade. after switching from Windows to Mac, I realized, I could n… Continue reading Getting started – Laptop (Help please) [closed]
I’m planning on documenting a framework that we built for managing non-functional requirements. This is post #2 of the series.
In Post #1, Last In – First Out: Building a Non-Functional Requirements Framework – Overview I outlined the template and def… Continue reading Building Non-Functional Requirements Framework – Requirements Categories
I’m planning on documenting a framework that we built for managing non-functional requirements. This is post #1 of the series.
A pain point for our infrastructure and security teams was a lack of useable, consistent availability and security requirem… Continue reading Building a Non-Functional Requirements Framework – Overview
In the OWASP Mobile Application Security Checklist there is a requirement MSTG-ARCH-7 which reads: "All security controls have a centralized implementation".
Now I’m struggling a bit by what is meant with "centralized implem… Continue reading MSTG-ARCH-7: All security controls have a centralized implementation
I have been tasked with coming up with security requirements for a project. I am finding it difficult to find the line between where project specific, nonfunctional requirements end and general security requirements for the enterprise begi… Continue reading What is the industry-standard recommendation for where non-functional security requirements end and enterprise requirements begin?