9. Operations
Operations are those activities necessary to ensure that confidentiality, integrity, and availability are maintained throughout the operational lifetime of an application and its associated data. The aim of Operations is to provide greater assurance that the organization is resilient in the face of operational disruptions, and responsive to changes in the operational landscape. This is described by the Operations business function in the OWASP SAMM model.
Operations generally cover the following security practices:
- Incident Management of security breaches and incidents
- Environment Management such as configuration hardening, patching and updating
- Operational Management which includes data protection and system / legacy management
OWASP projects provide the CRS that is used for both Coraza and ModSecurity web application firewalls, which are widely used for data and system management.
Sections:
9.1 DevSecOps Guideline
9.2 Coraza Web Application Firewall
9.3 ModSecurity Web Application Firewall
9.4 OWASP CRS
The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.