
What Is Application Security?

chinzka

Application Security is the strategy and actions to prevent security breaches of applications and systems. Because the vast majority of applications are known to have bugs and security issues such as design, development, implementation, and/or deployment flaws, application security is a necessary component of any company's technology strategy.

In practice, Application Security stands for the use of procedures, software, and hardware to protect applications from external threats. Because more applications are now available over the networks, intranet, and Internet, application security is moving up in the importance of application considerations.

Application Security encompasses the use of software, hardware, and procedures to protect applications from various threats. It's related to the concept of Information Security, which refers to guarding data, information, and information systems from any kind of unauthorized access, disclosure, modification, or removal.

The purpose of Information Security, in general, is to protect the company's information assets, as well as confidentiality, integrity, and availability of information. The major components of Information Security are: Confidentiality, Integrity, and Availability—in what's commonly referred to as the CIA Triad.

Application Security has become a buzzword and its importance grows on a daily basis, affecting anyone involved in technology. Application Security is gaining significance because it's no longer possible even for those not working in technology to overlook its importance. As security threats gain visibility in the news and media, a company's executives are forced to face the reality. The more proactive a company and its management and employees become about Application Security and Information Security, the better the company will do in the future.

Application Security Principles

Following a controlled and principle-based approach to application security involves a number of tasks, which include, but are not limited to:

• Understanding and documenting architecture, design, implementation, and installation of a particular application and its environment
• Understanding the possible threats and security limitations either due to design, coding practices, or the environment in which the application is deployed and utilized
• Working to make sure appropriate coding standards are met to make sure that the application is as secure as possible
• Following the SDLC (System Development Life Cycle)
• Securing networks, databases, servers, and the application itself
• Performing design, architecture, and code reviews with independent groups within the company, such as centralized security groups, if available
• Identifying and establishing the Application Business Owner(s)
• Identifying and establishing the Application IT Owner(s)
• Performance of consistent and regular application and resources entitlement reviews

The list can go on and on, but items listed above need to be followed as the minimum standards for Application Security.

Who Is Responsible?

The everlasting question is "Whose job is it really?" It has one simple answer—everyone's. We are all responsible for making sure that applications are better protected.
 

kartikeyp1

Nice job bro! Google is our friend and we should use it.
At least I now understand fully about it.
 