Application security
Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
Applications control only the use of resources granted to them, not which resources are granted to them. They, in turn, determine how users of the application may use those resources, and that mediation is what application security provides.
The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) publish updates on the latest threats that impair web-based applications. This helps developers, security testers and architects focus on better design and mitigation strategies. The OWASP Top 10 has become an industry norm for assessing web applications.
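The distinction above (the operating system grants a resource to the application; the application then decides which of its users may use it) is easiest to see in code. The following is an added example, not text or code from the article: a small document service that has been granted one directory and enforces its own per-user policy on top. The policy table, user names and file names are constructed for the demonstration.

```python
"""Added example: an application mediating user access to resources it was granted."""
from pathlib import Path
import tempfile

# Constructed application-level policy (hypothetical users and documents):
# which users may read which of the documents the application was granted.
POLICY = {
    "alice": {"reports/q1.txt"},
    "bob": {"reports/q1.txt", "reports/q2.txt"},
}


class DocumentService:
    """Serves files from a directory the operating system granted to the
    application; the application decides which user may use which file."""

    def __init__(self, granted_dir: Path):
        self.granted_dir = granted_dir.resolve()

    def resolve(self, relative: str) -> Path:
        # The application controls only the use of what it was granted:
        # any request that would reach outside the granted directory is refused,
        # because the application cannot grant itself additional resources.
        candidate = (self.granted_dir / relative).resolve()
        if candidate != self.granted_dir and self.granted_dir not in candidate.parents:
            raise PermissionError(f"{relative!r} is outside the granted directory")
        return candidate

    def read(self, user: str, relative: str) -> str:
        # Application security proper: the application's own policy decides
        # whether this user may use this resource at all.
        if relative not in POLICY.get(user, set()):
            raise PermissionError(f"{user!r} is not authorized for {relative!r}")
        return self.resolve(relative).read_text()


def demo() -> dict:
    """Build a constructed document tree and exercise the possible outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        granted = root / "docs"          # the directory granted to the application
        (granted / "reports").mkdir(parents=True)
        (granted / "reports" / "q1.txt").write_text("Q1 figures")
        (granted / "reports" / "q2.txt").write_text("Q2 figures")
        (root / "secret.txt").write_text("not granted to the application")

        service = DocumentService(granted)

        def attempt(user: str, relative: str) -> str:
            try:
                return service.read(user, relative)
            except PermissionError:
                return "denied"

        results["alice_q1"] = attempt("alice", "reports/q1.txt")   # allowed by policy
        results["alice_q2"] = attempt("alice", "reports/q2.txt")   # not in alice's policy
        results["bob_q2"] = attempt("bob", "reports/q2.txt")       # allowed by policy
        try:
            # A resolution that would leave the granted directory is refused
            # regardless of what the user policy says.
            service.resolve("../secret.txt")
            results["escape"] = "allowed"
        except PermissionError:
            results["escape"] = "denied"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The two checks are deliberately separate: `resolve` enforces the boundary of what the application was given, and `read` enforces the application's own policy on how users may use what lies inside that boundary.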
-------------------------------------------------
Methodology
According to the patterns & practices Improving Web Application Security book, a principle-based approach for application security includes:[1]
* Knowing your threats.
* Securing the network, host and application.
* Incorporating security into your software development process.
Note that this approach is technology and platform independent. It is focused on principles, patterns, and practices.
-------------------------------------------------
Threats, Attacks, Vulnerabilities, and Countermeasures
According to the patterns & practices Improving Web Application Security book, the following terms are relevant to application security:[1]
* Asset. A resource of value such as the data in a database or on the file system, or a system resource.
* Threat. A negative effect.
* Vulnerability. A weakness that makes a threat possible.
* Attack (or exploit). An action taken to harm an asset.
* Countermeasure. A safeguard that addresses a threat and mitigates risk.