Security Management Strategies for the CIOAccess "The Application Security Testing Gap"
This article is part of the November 2010 issue of Meeting cloud computing compliance mandates
Application security has become information security's "mot du jour," as it should be since the majority of hacks purportedly occur through the application layer. The rapid increase of interest in application security is evidenced by the explosive growth in membership in groups such as Open Web Application Security Project (OWASP), and the appearance of specific certifications, such as the Certified Secure Software Lifecycle Professional offered by ISC2. And it is apparent from the recent corporate acquisitions of such application security testing players as Ounce Labs and Fortify, by IBM and HP respectively, that the big guys also are recognizing the importance of application security. I have long been a strong advocate of ensuring that applications reflect user requirements, are engineered with security in mind, designed with security architectures, and built using secure coding practices. Such coverage goes a long way towards improving the overall security state of applications, which are commonly held to be among the most popular vectors used by those ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
McAfee product strategy needs focus, analysts say
Slew of McAfee product initiatives pique interest of customers but industry analysts say the security giant needs to sharpen its focus.
-
Information security professionals on their pay, certifications
The economy is dragging down pay for information security professionals but not dampening their dedication.
-
McAfee product strategy needs focus, analysts say
-
-
Due diligence processes for cloud computing compliance
Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.
-
How to use an automated user provisioning system for access control
by Randall Gamby, Contributor
Re-architect your provisioning system into a first line of defense for access management.
-
Due diligence processes for cloud computing compliance
-
Columns
-
Microsoft security proposal is noble, but no way
To cure the botnet plague, Microsoft wants to quarantine infected consumer PCs until they're remediated.
-
The Application Security Testing Gap
by C. Warren Axelrod
Application security reviews miss a critical vulnerability by not ensuring functional security.
-
Schneier-Ranum Face-Off on the dangers of a software monoculture
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security.
-
Microsoft security proposal is noble, but no way
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...