Once you've completed a security assessment as a part of your web application development, it's time to go down the path of remediating all of the security problems you uncovered. At this point, your developers, quality assurance testers, auditors, and your security managers should all be collaborating closely to incorporate security into the current processes of your software development lifecycle in order to eliminate application vulnerabilities. And with your Web application security assessment report in hand, you probably now have a long list of security issues that need to be addressed: low, medium, and high application vulnerabilities; configuration gaffes; and cases in which business-logic errors create security risk. For a detailed overview on how to conduct a Web application security assessment, take a look at the first article in this series, Web Application Vulnerability Assessment: Your First Step to a Highly Secure Web Site.
This document is in PDF format. To view it click here.