OWASP Developer Guide

9. Operations

Operations are those activities necessary to ensure that confidentiality, integrity, and availability are maintained throughout the operational lifetime of an application and its associated data. The aim of Operations is to provide greater assurance that the organization is resilient in the face of operational disruptions, and responsive to changes in the operational landscape. This is described by the Operations business function in the OWASP SAMM model.

Operations generally cover the security practices:

OWASP projects provide the Core Rule Set that is used for both Coraza and ModSecurity web application firewalls, which are widely used for data and system management.

Sections:

9.1 DevSecOps Guideline
9.2 Coraza Web Application Firewall
9.3 ModSecurity Web Application Firewall
9.4 ModSecurity Core Rule Set

