The Application Security Testing Gap
This article is part of the November 2010 issue of Meeting cloud computing compliance mandates
Application security has become information security's "mot du jour," as it should be since the majority of hacks purportedly occur through the application layer. The rapid increase of interest in application security is evidenced by the explosive growth in membership in groups such as the Open Web Application Security Project (OWASP), and the appearance of specific certifications, such as the Certified Secure Software Lifecycle Professional offered by ISC2. And it is apparent from the recent corporate acquisitions of such application security testing players as Ounce Labs and Fortify, by IBM and HP respectively, that the big guys also are recognizing the importance of application security. I have long been a strong advocate of ensuring that applications reflect user requirements, are engineered with security in mind, designed with security architectures, and built using secure coding practices. Such coverage goes a long way towards improving the overall security state of applications, which are commonly held to be among the most popular vectors used by those ...
What's Inside
Features
-
McAfee product strategy needs focus, analysts say
Slew of McAfee product initiatives pique interest of customers but industry analysts say the security giant needs to sharpen its focus.
-
Information security professionals on their pay, certifications
The economy is dragging down pay for information security professionals but not dampening their dedication.
-
Due diligence processes for cloud computing compliance
Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.
-
How to use an automated user provisioning system for access control
by Randall Gamby, Contributor
Re-architect your provisioning system into a first line of defense for access management.
Columns
-
Microsoft security proposal is noble, but no way
To cure the botnet plague, Microsoft wants to quarantine infected consumer PCs until they're remediated.
-
The Application Security Testing Gap
by C. Warren Axelrod
Application security reviews miss a critical vulnerability by not ensuring functional security.
-
Schneier-Ranum Face-Off on the dangers of a software monoculture
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security.