Rethinking the Web Application Certification and Accreditation Process

No ratings

Presented at CISOPhiladelphia 2013 by

Erik Avakian

Following a series of breaches and subsequent attacks stemming from insecure code, the necessity for improved web application security became apparent. In an effort to shore up vulnerable code and web apps that were being exploited, Erik Avakian’s team implemented an in-house certification and accreditation process two years ago to bake security into web applications from the start. Blending a mix of vendor solutions into their process, Avakian and his security team, under the direction of Pennsylvania’s chief technology officer, based the program on the DoD DIACAP model, making adjustments to work on a state level. Avakian will reveal the broad applicability and value of this certification and accreditation process in university, government and enterprise sectors, whether services are contracted out or done in-house.