What Is Application Security?

Application security is an engineering discipline focused on producing software that organizations can trust to run their business. At the technology level, application security is concerned with the threats, attacks, vulnerabilities, and countermeasures that apply to software. Achieving it requires a strategy that is aligned across the organization's teams, processes, and supporting technologies.

What Kinds of Applications Need Security?

Critical applications need security whether they are deployed on the corporate intranet or the public Internet, and whether they are web applications, web services, rich-client applications, or mainframe applications. A successful attack on any of them can mean lost revenue from fraudulent purchases and downtime, large-scale identity theft resulting in fines and penalties, and loss of goodwill from bad press or unhappy customers. As network security has improved over the last decade, attackers have turned their attention to custom applications.

What Standards Apply to Application Security?

Many industries are developing standards and regulations that directly require security at the application layer, including VISA/MasterCard/AmEx PCI, FISMA/NIST 800-53, OWASP, Sarbanes-Oxley, HIPAA, and GLBA. Managing application security risk, and complying with these standards and regulations, requires organizations to establish application security programs and to verify the security of their applications.

What Is Different about Application Security?

In the past, security activities focused mostly on IT infrastructure built from products such as operating systems, routers, and firewalls. Application security, on the other hand, is about securing your custom enterprise applications. These custom-coded applications are frequently developed internally, although many are outsourced.

Where Can I Learn More?

There is a lot of application security information available at the Open Web Application Security Project (OWASP). Aspect is an active supporter of OWASP and leads several projects there.