Monday, 31 October 2011

Australian Online Applications Are Secure?

The Australian Defence Signals Directorate (DSD) published the Top 35 Mitigation Strategies to:
  • "mitigate targeted cyber intrusions. The list is informed by DSD’s experience in operational cyber security, including responding to serious cyber incidents and performing vulnerability assessments and penetration testing for Australian government agencies."

According to DSD:
  • "Rankings are based on DSD’s analysis of reported security incidents and vulnerabilities detected by DSD in testing the security of Australian Government networks."
However, if you review the 35 strategies, there is no mention of the need to develop applications securely. SQL Injection, XSS etc. are all missing.

Does this mean that Aussie Apps are secure? Have they got it sorted? (Even though they seem to be crap at bog ball ++ (and struggle at rugby))




    2 comments:

    1. In fairness to them I think this is more of a sysadmin checklist rather than a developer's one. I would expect that any in-house development has an OWASP type list, if I ever get involved in a government contract I'll let you know.

      Of course it is possible that they've got it sorted, we all spend most of our time on the beach don't you know...

    2. Then again... maybe they don't have it sorted....

      Ooops...

      http://www.zdnet.com.au/dsd-accidentally-leaks-own-infosec-manual-339326180.htm
