Information Security

This document covers the areas of information security you should focus on, along with specific settings or recommended practices that will help you secure your environment against threats from within and without.


Using this checklist as a starting point and working with the rest of your IT team, your management, human resources, and your legal counsel, you will be able to create the ultimate network security checklist for your specific environment. That's an important distinction; business requirements, regulatory and contractual obligations, local laws, and other factors will all have an influence on your company's specific network security checklist, so don't think all your work is done. You'll need to tweak this to suit your own environment, but rest assured the heavy lifting is done!


Web Inspect:

Web Inspect is a web application security scanning tool offered by HP. It helps security professionals assess potential security flaws in a web application. Web Inspect is basically a dynamic black box testing tool which detects vulnerabilities by actually performing the attack. After a scan is initiated on a web application, 'assessment agents' work on different areas of the application. They report their results to the 'security engine', which evaluates them. It uses 'audit engines' to attack the application and determine the vulnerabilities. At the end of the scan you can generate a report called the 'Vulnerability Assessment Report', which lists the security issues in the desired format. Using this report, the client can fix the issues and then run a validation scan to confirm the fixes. As with every other tool, there are both advantages and disadvantages associated with using Web Inspect.