SpoC 007 - Best Practices & Countermeasures

Back to SpoC 007 Selection page

AoC Candidate: Jim

Project coordinator: TBA

Project Progress: 0% Complete, Progress Page

Executive Summary
I have been running the Buffalo, NY OWASP chapter since 2004. I have been President of ISACA WNY since 2005. I have delivered presentations at Buffalo ISSA, Rochester ISSA, ISACA WNY, and Buffalo OWASP meetings on the topic of Web Application Security.

My Project
The Best Practices & Countermeasures project will outline best practices that should be followed to address/prevent known web application security issues. The best practices will be divided up into related sections. For instance, there will be an "Authentication" section that would have best practices as follows: 1) Require strong passwords 2) For sensitive sites, require two-factor authentication 3) For intranet sites, tie authentication into existing authentication directory server, such as LDAP. 4) Implement account lock-out after 5 failed login attempts 5) Add a log entry and/or an alert to IDS operators after 5 failed login attempts 6) etc.

Each best practice could also have links to language-specific code constructs that show how to implement each best practice.

Long Term
It is my hope that this project can be used not only by developers, but also by IT auditors and security professionals during audits & assessments

Why I should be sponsored for the project
I have 15 years experience in IT, with 10 years experience in IT Security. I have a bachelor's degree in Computer Science and professional experience as a programmer/developer.

Back to SpoC 007 Selection page