Security Content Automation Protocol and Web Application Security
•Download as PPT, PDF•
5 likes•1,897 views
The document introduces the Security Content Automation Protocol (SCAP) which comprises a suite of specifications for organizing and expressing security-related information in standardized ways. SCAP can be used to automatically verify the installation of patches, check system security configuration settings, and examine systems for signs of compromise. It then describes some of the key components of SCAP including XCCDF for security checklists, OVAL for auditing, CCE for configuration guides, CPE for environment descriptions, CVE for vulnerability disclosures, and CVSS for vulnerability impact scoring. The document encourages using SCAP to automate security tasks wherever possible and contributing new SCAP content.
![Who is Michael Smith? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
More Related Content
What's hot
What's hot (20)
Similar to Security Content Automation Protocol and Web Application Security
Similar to Security Content Automation Protocol and Web Application Security (20)
More from Michael Smith
More from Michael Smith (8)
Recently uploaded
Recently uploaded (20)
Security Content Automation Protocol and Web Application Security
- 1. The Security Content Automation Protocol and Web Application Security Automatisch, Praktisch, Gut!
- 8. Scenario: Patch, VM, and Audit
Editor's Notes
- The following presentation contains insights and opinions gathered from over 30 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with the impetus to reemphasize security within your organization, and feel good about doing so. The subtitle means “Automatic, Practical, Good!” and is a play on the Ritter Sport tagline “Quadratisch, Praktish, Gut!” which translates as “Square, Practical, Good!” http://www.ritter-sport.de/
- Mike’s blog is at http://www.guerilla-ciso.com/ Mike teaches for Potomac Forum http://www.potomacforum.org/ Contact information for Mike is at the end of this presentation.
- OK, it could be that SCAP and automation replaces all of us with tool monkeys. This impact remains to be seen.
- WASC Threat Classification Working Group http://projects.webappsec.org/Threat-Classification-Working CWE http://cwe.mitre.org/
- Picture is “lifted” from Encyclopedia Dramatica and used under Fair Use. http://www.encyclopediadramatica.com/Image:God-kills-kitten.jpg http://www.encyclopediadramatica.com/Encyclopedia_Dramatica:General_disclaimer#Fair_Use_and_Copyrighted_Materials
- If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/