Mapping the Application Security Terrain - Part One
The number and type of protection measures for these applications is growing. The selection of an appropriate application security risk management solution should take into account the business's diverse requirements and factors. There is no single solution that will fit every company's needs.
Those responsible for the security of their environments need to understand what risks are present in their applications, as each vulnerability has an associated criticality that is based on various factors. Armed with this knowledge, an appropriate risk management strategy can be developed with prioritized action to reduce these threats.
AsTech Consulting has over 10 years of experience assessing internet applications using manual and automated methods for both 'white box' and 'black box' assessments. We have developed a range of service levels utilizing these methods to match our customers' business needs and security requirements.
So what is the required level of application security assessment?
As enterprise application security requirements are considered, it is useful to put them in the same context as various other software attributes that we usually deal with:
Functionality
Usability
Performance
Reliability
Security
However, we can't deal with the characteristics of our applications in isolation; we consider them in the context of business requirements and real world business factors including feasibility, funding, return on investment, and opportunity cost.
While better is always desirable, we can't evaluate what is better without understanding the status quo. We need to answer the "better than what?" question. This requires sufficient analysis/assessment to identify a comparative baseline.
For example: A company's web-facing newsletter sign-up page is found to have a cross-site scripting vulnerability. Addressing this risk may require $20,000 in development costs. Is this the best use of funds for this company?
In theoretical terms we want absolute safety. In practical terms we want a "reasonable or better" level of security. The definition of "reasonable" is only meaningful within the context of a specific application and business. The definition may be based upon government requirements (e.g. DOD levels of classification), industry group requirements (Payment Card Industry), and business domain.
The very act of measuring security, performance, or reliability has an associated variable cost based upon the precision and thoroughness of the analysis, the skills of the analysts, etc.
An application security assessment process is the method of identifying application security vulnerabilities so that the business can make informed risk management decisions that include the evaluation of the financial and opportunity costs associated with mitigating the identified security risks. The thoroughness, depth, and cost of an application security assessment process should reasonably vary with business requirements.
Stay tuned for part two, where we'll look at what types of security risk to consider.