Thank you, David. This is very helpful information when trying to satisfy customer inquiries.
Ken Leihkauff
North American Integrated Services Management Center (NAISMC)
Science Applications International Corp. (SAIC)

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Easter, David
Sent: Wednesday, January 19, 2011 3:51 PM
To: [email protected]
Subject: Re: OWASP assessment (Mid-Tier)?

There is a security white paper that describes how AR System deals with these kinds of security situations:

02-Nov-2010 BMC Remedy Action Request System 7.6.03 AR System Security PDF <http://documents.bmc.com/supportu/documents/86/29/178629/178629.pdf>

AR System 7.5.00 is also undergoing Common Criteria certification, as can be seen here: http://www.niap-ccevs.org/in_evaluation/.

AR System 6.3.00 already achieved Common Criteria at EAL3 a few years ago: http://www.niap-ccevs.org/cc-scheme/st/vid10101/

-David J. Easter
Manager of Product Management, Remedy Platform
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Leihkauff, Kenneth
Sent: Wednesday, January 19, 2011 12:20 PM
To: [email protected]
Subject: OWASP assessment (Mid-Tier)?

Does anyone know if Remedy Mid-Tier has been evaluated with respect to the "Open Web Application Security Project (OWASP)" top 10 web application security vulnerabilities list?

Thank you.
The OWASP Top 10 Web Application Security Risks for 2010 are:

* A1: Injection
* A2: Cross-Site Scripting (XSS)
* A3: Broken Authentication and Session Management
* A4: Insecure Direct Object References
* A5: Cross-Site Request Forgery (CSRF)
* A6: Security Misconfiguration
* A7: Insecure Cryptographic Storage
* A8: Failure to Restrict URL Access
* A9: Insufficient Transport Layer Protection
* A10: Unvalidated Redirects and Forwards

Ken Leihkauff
North American Integrated Services Management Center (NAISMC)
Science Applications International Corp. (SAIC)

_attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_

