WASC Tackles Web Application Security

By David Worthington, BetaNews

February 27, 2004, 7:07 PM

The incessant flow of high-profile security lapses has left industry and government officials clamoring for a solution. To answer this call, a group of top Web application security experts have banded together to found the Web Application Security Consortium (WASC). WASC urges developers to 'think' security by evangelizing the establishment and promotion of new industry-wide standards.

The consortium, announced during this week's RSA conference, was established by Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc., and WhiteHat Security Inc. WASC joins the ranks of existing industry groups including the Open Web Application Security Project (OWASP) and OASIS Web Application Security Technical Committee.

The mantra of WASC is "security through best practices." Together, WASC and its charter members seek to identify the security risks to e-business and privacy on the Web; establish consistent technical terminology relating to Web security issues; and establish Web application security standards of best practice for secure software development, independent security review and policy guidelines.

"While security standards are important, more companies are at risk for either having weak security policies or not enforcing those already in place. Clear, executable security policies mark the first line of defense," commented Joe Wilcox, a senior analyst with Jupiter Research.

Jeremiah Grossman, spokesperson and co-founder of WASC, told BetaNews that WASC will announce its schedule for upcoming projects during the first calendar quarter of 2004, and will welcome additional members in the coming months.