FOR IMMEDIATE RELEASE
CONTACT: Bill Husted
Aspect Supports NIST in Adding Application Security to Security Standard
Revisions to FISMA Regulation NIST 800-53 Will Include Significant Application Security Coverage
Columbia, MD - June 27, 2005
Aspect is pleased to announce that the new NIST 800-53 standard will include language addressing key application security concerns. Aspect worked closely with Ron Ross, FISMA Project Lead at NIST, to integrate application security into the NIST 800-53 standard. We provided language for the standard that will accomplish two important objectives.
First, the standard will clearly state that it must be applied to applications. This is important because so many certification and accreditation efforts focus on infrastructure and systems but spend no time on the custom code written to run in that environment. The result is government applications and web sites without appropriate security controls or assurance.
Secondly, the standard will be augmented to include specific requirements for custom code, such as input validation and error handling. Having these specific requirements will help agencies building custom code remember to address these key areas. These requirements provide key defenses against common attacks, such as SQL injection and cross-site scripting.
“The NIST 800 series describes a structured, useful, and balanced approach to securing information technology systems,” said Williams. “Everyone knows that applications are a key part of these systems, and the time has come to make this explicit. Applying this series to the software development process will dramatically improve the likelihood of producing a secure application.”
About Aspect Security, Inc.
Aspect Security, the application security specialists, delivers third-party security analysis, code review, and testing to verify the strengths and weaknesses of web applications, web services, and other software. Aspect also appraises an organization’s capability to develop, operate, and maintain applications securely. Aspect has verified hundreds of millions of lines of code for mission critical applications and has trained thousands of developers and managers to build and test secure applications. Aspect served as the authors of the OWASP Top Ten Web Application Vulnerabilities. Aspect’s core team has been providing application security services for over eight years, since before application security was a mainstream issue. Aspect is privately held and headquartered in Columbia, Maryland. To contact Aspect Security, call 301-604-4882, visit us on the Web at http://www.aspectsecurity.com, or write to info@aspectsecurity.com.