Web App Security & Privacy Reference

Security classification: Public
Last update: 2018.09.01 Print

Listen to this page: audio icon

Getting Started

Introduction

The following references are provided to consolidate and improve your access to vital information regarding web app security and privacy.

Please use the navigation on the left side of each page to access data.

Web App Security & Privacy Glossary
Terms, Descriptions & References - This is an internal link.
CWE (Common Weakness Enumeration)
Top 25 Most Dangerous Software Errors - This is an internal link.
GDPR (European Union General Data Protection Regulation)
Introduction to the EU General Data Protection Regulation (GDPR) - This is an internal link.
Frequently Asked Questions (FAQ's) - This is an internal link.
Diagram of the EU GDPR Implementation Process - This is an internal link.
GDPR Chapters with Sections & Articles - This is an internal link.
OWASP (Open Web Application Security Project)
Top 10 Web Application Security Risks - This is an internal link.
Top 10 Privacy Risk Countermeasures - This is an internal link.
Top 10 Proactive Security Controls - This is an internal link.
Security & Privacy Policy Examples
Information Classification Scheme - This is an internal link.
Information Security Program Charter - This is an internal link.
Cryptographic Key Custodian Policy - This is an internal link.
Chief Security Officer Acknowledgment Form - This is an internal link.
Encryption Domain Administrator Acknowledgment Form - This is an internal link.
Key Custodian 1 Acknowledgment Form - This is an internal link.
Key Custodian 2 Acknowledgment Form - This is an internal link.

About CWE

CWE is the acronym for the Common Weakness Enumeration - This is an external link..

Targeted at developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness types created to:

  • Serve as a common language for describing software security weaknesses in architecture, design, or code.
  • Serve as a standard measuring stick for software security tools targeting these weaknesses.
  • Provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

About GDPR

GDPR is the acronym for the European Union General Data Protection Regulations - This is an external link..

The General Data Protection Regulation aims to offer EU citizens a uniform and harmonised approach towards privacy in the European Union.

  • The GDPR seeks to strengthen people’s rights to data protection as set out in Article 8 of the EU Charter of Fundamental Rights.
  • After almost four years of deliberation and debate, the GDPR was finally approved by the EU Parliament on April 14, 2016.
  • Although the document became valid 20 days after the approval date, the enforcement date was established as May 25, 2018.

About OWASP

OWASP is the acronym for the Open Web Application Security Project - This is an external link..

The OWASP Foundation came online on December 1st 2001.

  • It was established as a not-for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP.
  • OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world.
  • OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
  • All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
  • OWASP advocates approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas.

▲ Top