Consortium to Target Web App Security | eWeek

Consortium to Target Web App Security

Écrit par
Dennis Fisher
Dennis Fisher
Feb 18, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

As part of an effort to crystallize the thinking and product-development around the nascent area of Web application security, a group of vendors will announce next week the formation of a new consortium meant to help define and promote standards concerning application security.

Founding members of the group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc. Known as the Web Application Security Consortium, the group will make its debut at the RSA Conference in San Francisco.

The groups initial goal is to create a classification system for application security vulnerabilities, attacks and other threats. Many of the attacks that are used against Web applications are quite complex and much of the terminology is outside of the realm of most security specialists expertise. The group hopes to simplify the explanation of things such as cross-site scripting that have become prevalent in recent years.

“Application security itself is very confusing. A lot of developers dont know exactly how these applications are threatened, which is why the applications are still woefully insecure,” said Jeremiah Grossamn, CEO of WhiteHat, based in Santa Clara, Calif. “The Web security area is so new, no one knows how to address all the issues.”

Cross said the group is approximately 80 percent finished with the classification system, and hopes to have it completed by late March or early April.

Another major focus of the consortiums efforts will be the establishment of industry best practices in several areas, particularly secure coding. Until very recently, most software developers received almost no instruction in college on secure coding practices, and as a result, had no concept of what it took to write a secure application. That state of affairs is changing, as more developers get security training as part of their educations, but there is little agreement among experts on what qualifies as secure coding.

The new consortium hopes to change that by developing guidelines for secure software development. The group also will look at establishing best practices for independent security reviews.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.