Chapter 16. Building an Application Security Preparation Mindset
Andrew King
Applications are building blocks of functionality within an organization’s infrastructure. They are software components that perform critical functions to meet an organization’s needs, and as such, they require special consideration. Applications are one of the weakest links in infosec systems because of the potential exploitation of known and unknown vulnerabilities. Roughly 70% of external attacks come from exploiting software or web applications. When you buy a product and insert it into your organization, you have a proverbial scapegoat when things go wrong. However, when you build the product, the responsibility lies solely with the team that created it. As such, you should have security in mind before you even begin to build your application.
There are four concepts you need to consider before you build security in applications: mindset, logging and monitoring, scope, and best practices.
Mindset: How Can You Prepare?
Application security has a major impact on business operations—both good and bad. From project conception, it is key to build a security mindset. Security as an afterthought always takes exponential effort to retrofit.
It is essential to create a playbook for when things go wrong, because they will. Come armed with prepared, rehearsed responses. Bad things are going to happen, and you don’t want to ...