A security professional must focus on the following when considering the security of applications:
Asset: An asset is basically a resource. It may be a computer, an operating system, a DBMS, and so on. In application security parlance, an asset is the application itself.
Threat: A threat is an entity or event that could compromise an asset by exploiting any weaknesses or vulnerabilities in the asset. Some common threats to applications are malware such as viruses, worms, Trojan horses, and logic bombs.
Threat agent: A threat cannot manifest on its own. It needs an agent to exploit vulnerabilities. For example, fire is a threat and not having a fire extinguisher is a vulnerability. Fire ...