Home page logo

basics logo Security Basics mailing list archives

Where is the head and tail?
From: WALI <hkhasgiwale () gmail com>
Date: Sat, 24 Feb 2007 10:18:09 +0400

So, I have been asked to undertake security auditing of a financial application, whose source code we have recently acquired. The application is written in D2K with oracle backend.

As I understand it, boss wants security procedures laid out before we start to implement this application across our branches in various countries. Also, he doesn't want any haphazard development to start whenever any changes are asked by accounts dept.

How should I start? Well, I can start to outline Change Management procedures that would be followed. Segregation of duties between various levels of developers, quality assurance, app admin etc. That's generic.

Then what? I am a novice when it comes to accounting and finance. Should I define workflows within dept. of accounting? Should I sit with accountants and other users and get deep into various things they do and then look deeply inside each module of this finance application in order to study General Ledgers, Journal Vuchers, Accounts recievables/payables etc. That would take months!!

Is there any set checklist for such kind of application auditing?
Any/all inputs would be highly appreciated. Please take some time out to enlighen me!!

This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]