Access your Pro+ Content below.
The Application Security Testing Gap
This article is part of the November 2010 issue of Information Security magazine
Application security has become information security's "mot du jour," as it should be since the majority of hacks purportedly occur through the application layer. The rapid increase of interest in application security is evidenced by the explosive growth in membership in groups such as Open Web Application Security Project (OWASP), and the appearance of specific certifications, such as the Certified Secure Software Lifecycle Professional offered by ISC2. And it is apparent from the recent corporate acquisitions of such application security testing players as Ounce Labs and Fortify, by IBM and HP respectively, that the big guys also are recognizing the importance of application security. I have long been a strong advocate of ensuring that applications reflect user requirements, are engineered with security in mind, designed with security architectures, and built using secure coding practices. Such coverage goes a long way towards improving the overall security state of applications, which are commonly held to be among the most ...
Features in this issue
Slew of McAfee product initiatives pique interest of customers but industry analysts say the security giant needs to sharpen its focus.
Moving IT operations to the cloud requires careful due diligence to maintain compliance with HIPAA, GLBA and other regulations.
The economy is dragging down pay for information security professionals but not dampening their dedication.
Re-architect your provisioning system into a first line of defense for access management.
Columns in this issue
To cure the botnet plague, Microsoft wants to quarantine infected consumer PCs until they're remediated.
Application security reviews miss a critical vulnerability by not ensuring functional security.
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security.