A CISO's Guide to Application Security

by Fortify

Nov 24, 2009

Security breaches are expensive. They cost time, effort, remediation, and reputation restoration. Many IT decision-makers tend to focus their security efforts almost exclusively at the network perimeter. They overlook the software applications that run their day-to-day agencies. These applications are often packed with Social Security numbers, addresses, personal health information, or other sensitive data.

Focusing on security features at both the infrastructure and application level isn't enough. Organizations must also consider flaws in their design and implementation. Hackers looking for security flaws within applications often find them, thereby accessing hardware, operating systems and data. In fact, according to Gartner, 75% of security breaches are now facilitated by applications. The National Institute of Standards and Technology raises that estimate to 92%. And from 2005 to 2007 alone, the U.S. Air Force says application hacks increased from 2% to 33% of the total number of attempts to break into its systems.

To secure your agency's data, your approach must include an examination of the application's inner workings, and the ability to find the exact lines of code that create security vulnerabilities. It then needs to correct those vulnerabilities at the code level. Finally, a comprehensive prevention strategy is needed to fend off future attacks and mitigate current ones.

As a CISO, you understand that application security is important. What steps can you take to avoid a security breach? Read the CISO's Guide to Application