What is application securityApplication Security

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Application Security What is application security

This topic contains 2 replies, has 3 voices, and was last updated by  mizazga 1 year, 10 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #94067

    ashlesha
    Participant

    What is application security

    #98261

    FisherCMH
    Participant

    Simply put, it is securing software.

    Software applications that you (or your organization) creates should include security considerations at all stages of the software development lifecycle (SDLC). For example, the design stage, the development stage, the deployment stage, etc.

    There are many tools that can help find vulnerabilities in application code. For example:

    * Static Code Analysis scans source code and libraries looking for insecurities.

    * Dynamic Code Analysis scans code as it executes.

    * Surface scans and penetration tests.

    * All the usual QA/UAT testing, such as unit testing and integration testing and load testing.

    Beyond the tools, it is important to cultivate a culture of security within the teams (architecture, dev, testing, ops, etc.) For example, I would recommend dev training that covers OWASP Top 10, SANS 25, Threat Modeling, and so on.

    There’s also third party software to consider. This will probably include vendor applications and code libraries written by others. They introduce new vulnerabilities. Patch management is an important piece of the Application Security puzzle.

    Application Security (AppSec) is a broad area. It involves people and processes and technical controls.

    #108400

    mizazga
    Participant

    Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Securing Enterprise applications . This white paper considers a variety of application level threats facing enterprise web applications and how those can be mitigated in order to promote security.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel