
Compliance with the OWASP standard (DCE & DCO)

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved

This question was originally posted on DCIM Support by Iván González Borraz on 2019-07-18


Hi,

Do DCE & DCO comply with the OWASP web development standard?
Is there any documentation that shows the evidence?

Thanks,

(CID:147196321)


Accepted Solutions

Re: Compliance with the OWASP standard (DCE & DCO)

This answer was originally posted on DCIM Support by Iván González Borraz on 2019-07-23


Thank you Steve & Greg, I get an idea from your answers.

(CID:147197411)


Re: Compliance with the OWASP standard (DCE & DCO)

This answer was originally posted on DCIM Support by Steven Marchetti on 2019-07-18


Hi Ivan,

I'm checking on this for you but I do not believe we comply with this standard. I'll let you know what I hear back.

Steve.

(CID:147196555)


Re: Compliance with the OWASP standard (DCE & DCO)

This comment was originally posted on DCIM Support by Steven Marchetti on 2019-07-22


Hi Ivan,

My engineering contact stated:

---------------------------------------------

OWASP is more like a community than a specific standard, but they do produce the OWASP Top Ten. These are some of the most commonly exploitable attack vectors / security practices that are generally considered a good basis to follow with respect to product testing and security requirements.

https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

I would say that we use this as a guideline and that it directs a lot of our security testing and requirements. We have not done an official OWASP Top Ten certification or anything like that. I don’t think that exists, though there may be companies that help with similar certs that embrace the guidelines.

---------------------------------------------

That being said, I have nothing that I can provide as "evidence".

Thanks,

Steve

(CID:147197174)


Re: Compliance with the OWASP standard (DCE & DCO)

This comment was originally posted on DCIM Support by Greg Sterling on 2019-07-22


Adding to Steve's comments. On the DCO side we do not publish the specifics regarding the processes and mechanisms we use to test our products for vulnerabilities and other security issues. This is partly because if we publicly document our methods we would be providing intel to those who would like to break our product.

That being said, I would recommend viewing this page https://ecostruxureit.com/security/ as it details measures taken in the EcoStruxure IT platform. Most of the development portions of that page are built into the development process for the DCO server, desktop and web clients. A number of the sections on the above page check the boxes in the OWASP requirements.

Regards

Greg Sterling

(CID:147197238)


🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.