This article is translated from: The Complete Application Security Checklist
The Complete Application Security Checklist
11 best practices to minimize risk and protect your data
Address the No. 1 attack vector—your applications.
- Best practice 1: Eliminate vulnerabilities before applications go into production.
- Best practice 2: Address security in architecture, design, and open source and third-party components.
- Best practice 3: Adopt security tools that integrate into the developer’s environment.
Put the right tools in place.
- Best practice 4: Build an “AppSec toolbelt” that brings together the solutions needed to address your risks.
- Best practice 5: Analyze your application security risk profile so you can focus your efforts.
Ensure your team has sufficient skills and resources.
- Best practice 6: Develop a program to raise the level of AppSec competency in your organization.
- Best practice 7: Provide your staff with sufficient training in AppSec risks and skills.
- Best practice 8: Augment internal staff to address skill and resource gaps.
Address changing AppSec risks when moving to the cloud.
- Best practice 9: Make sure you understand your cloud security provider’s risks and controls.
- Best practice 10: Develop a structured plan to coordinate security initiative improvements with cloud migration.
- Best practice 11: Establish security blueprints outlining cloud security best practices.