Small and Medium Organizations: Secure websites
For many small and medium organizations, their websites are essential to their business. An offline or defaced website can negatively impact an organization’s operations and reputation. Your organization should properly secure its web presence to avoid consequences such as lost revenue, lost customer trust, and compromised sensitive information.
How can my organization secure its web presence?
You can secure your website by using the Application Security Verification Standard (ASVS), which was developed by the Open Web Application Security Project (OWASP). This standard proposes a list of security requirements and controls to implement during all phases of web application development.
Derived from real use cases, industry experience, and feedback, ASVS offers guidance on many fronts such as configuration, authentication, transaction security, data protection, and malware controls. ASVS aims to help organizations develop and maintain secure applications and enable security services and tools.
Your organization should ensure that it can invest in the skills and tools needed to meet security requirements for all websites and web applications that are developed and operated in-house. If you do not have these resources in-house, your organization should consider outsourcing the development and operation of your website while still ensuring that it meets the ASVS.
Recommendation for your organization:
- Ensure that all websites and web applications meet the OWASP ASVS Level 1 guidelines