Application Security
INTRODUCTION
When we talk about application security, we focus on one central problem: securing the application so that private information is protected from unauthorized access and modification. This is achieved by enforcing policy measures that serve the organization. Security threats are understood as attempts to compromise the information held by a company and to gain access to sensitive data.
The aim of application security is to identify the following:
· Critical assets of the organization
· Genuine users who may access the data
· Level of access granted to each user
· Vulnerabilities that may exist within the application
· Data criticality and risk analysis of data exposure
· Appropriate remediation measures
Web application security aims to address and fulfil the four conditions of security, also referred to as the principles of security:
· Confidentiality: sensitive data stored in the web application must not be exposed under any circumstances.
· Integrity: the data held in the web application is consistent and is not modified by an unauthorized user.
· Availability: the web application must be accessible to the genuine user within a specified amount of time, depending on the request.
· Nonrepudiation: the genuine user cannot deny having modified the data held in the web application, and the web application can prove its identity to the genuine user.
Application security is the use of software, hardware and procedural methods to protect applications from external threats. Security is becoming an increasingly important concern during development as applications become more widely accessible over networks and are, as a result, vulnerable to a wide variety of threats.
Security measures designed and built into applications, together with a sound application security routine, minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify or delete sensitive data.
Actions taken to ensure application security are generally known as countermeasures. The most basic software countermeasure is an application firewall that limits the execution of files or the handling of data by specific installed programs. The most common hardware countermeasure is a router that can prevent the IP address of an individual computer from being directly visible on the Internet. Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs and biometric authentication systems.
Application security can be enhanced by rigorously defining enterprise assets, identifying what each application does (or will do) with respect to these assets, creating a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the actions taken in each case. This process is known as threat modeling. In this context, a threat is any potential or actual adverse event that may compromise the assets of an enterprise, including both malicious events, such as a denial-of-service (DoS) attack, and unplanned events, such as the failure of a device.
SECURITY TESTING
Secure Code Review
Secure Code Review (SCR) is done when the code is relatively stable and is about to enter the unit testing phase. Automated tools are used, followed by manual analysis, to ensure that the code does not contain any known vulnerabilities. If vulnerabilities are identified, recommendations to fix them are provided. SCR can be helpful in identifying issues resulting from (but not limited to):
· Poor or missing input validations
· Potential race conditions
· Buffer overflows
· Confidential data in logs
· Improper or missing error handling
· Hardcoded passwords in code or configuration files
Code review focuses only on software-security-related considerations such as secure programming, business-driven software security policies, information protection, authentication, access control, authorization, trusted computing, etc. The secure code review can be tool-based, relying on a software security rule set, after which a manual inspection or review is conducted to eliminate false positives and false negatives. Once the code is developed and stable, the Security Consultant will perform the code analysis and recommend the required vulnerability fixes, if any.
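As an added example (not part of the original text), the following Python script applies the tool-based-then-manual pattern described above to two of the listed issue classes, hardcoded passwords and confidential data in logs: a regex rule set flags candidate lines, and a placeholder filter stands in for the manual step that discards false positives. The sample source lines, the regexes and the placeholder list are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample of source/config lines, as a reviewer might see them
# after an automated scan; not taken from any real project.
SAMPLE_SOURCE = """\
db_password = "Sup3rS3cret!"
api_key = os.environ.get("API_KEY")
password = "${DB_PASSWORD}"
logger.info("login for %s with password=%s", user, password)
token = "CHANGE_ME"
"""

# Rule set for two of the SCR finding classes listed above.
CREDENTIAL_RE = re.compile(
    r'''(?i)(password|passwd|secret|api_key|token)\s*=\s*["']([^"']+)["']''')
LOG_LEAK_RE = re.compile(
    r'''(?i)\b(log|logger|print)\w*\s*[.(].*\b(password|secret|token)\b''')

# Values a manual reviewer would dismiss as false positives: placeholders
# and references to externally supplied configuration.
PLACEHOLDERS = {"CHANGE_ME", "TODO", "<redacted>"}


@dataclass
class Finding:
    line: int
    category: str
    text: str


def looks_like_placeholder(value: str) -> bool:
    """Manual-review step: filter out values that are not real secrets."""
    return value in PLACEHOLDERS or value.startswith("${") or value.startswith("%(")


def review(source: str) -> list[Finding]:
    """Tool-based pass over each line, then the placeholder filter."""
    findings: list[Finding] = []
    for number, line in enumerate(source.splitlines(), start=1):
        cred = CREDENTIAL_RE.search(line)
        if cred and not looks_like_placeholder(cred.group(2)):
            findings.append(Finding(number, "hardcoded-credential", line.strip()))
        elif LOG_LEAK_RE.search(line):
            findings.append(Finding(number, "secret-in-log", line.strip()))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.category}: {f.text}")
```

On the sample, line 1 (a literal password) and line 4 (a password written to the log) are reported, while the environment lookup, the `${...}` reference and the `CHANGE_ME` placeholder are filtered out as false positives.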
Web Application Penetration Testing Approach (WAPT)
The methodology for web application penetration testing is based on industry best practices and methodologies such as OWASP, OSSTMM and NIST. A web application security assessment involves intrusion techniques leading to the identification of potential vulnerabilities that may compromise the web application.
The web application is assessed from both the external and the internal 'attacker' perspective. The external scenario simulates attacks from an Internet-based attacker. The internal view represents a disgruntled user with partial or full knowledge of, or access to, the application. The damage potential is thus assessed from both of these threat agents.
Vulnerability Assessment Approach
Vulnerability assessment of the systems or network devices is performed from an internal attacker's point of view. Initially, a port scan and service enumeration are performed, and then vulnerability scanning is executed on the in-scope systems using an automated, licensed tool. Based on the vulnerabilities identified by the vulnerability scanning tool, a mitigation strategy will be recommended.
Network Penetration Testing Approach
Penetration testing of the systems is performed from an external attacker's point of view. The penetration test will be executed in a phased manner: initially, information about the system is gathered and open ports are discovered. Based on the open ports, the services are enumerated and the vulnerabilities related to them are exploited. Based on the vulnerabilities identified during penetration testing, a mitigation strategy will be recommended.