A CISO's Guide to Application Security


Source: Fortify
Date: November 2009
Type: White Paper
Rating: (8)

Overview: Security breaches are expensive. They cost time, effort, remediation, and reputation restoration. Many IT decision-makers tend to focus their security efforts almost exclusively at the network perimeter. They overlook the software applications that run their day-to-day agencies. These applications are often packed with Social Security numbers, addresses, personal health information, or other sensitive data.

Focusing on security features at both the infrastructure and application level isn't enough. Organizations must also consider flaws in their design and implementation. Hackers looking for security flaws within applications often find them, thereby accessing hardware, operating systems and data. In fact, according to Gartner, 75% of security breaches are now facilitated by applications. The National Institute of Standards and Technology raises that estimate to 92%. And from 2005 to 2007 alone, the U.S. Air Force says application hacks increased from 2% to 33% of the total number of attempts to break into its systems.

To secure your agency's data, your approach must include an examination of the application's inner workings, and the ability to find the exact lines of code that create security vulnerabilities. Your approach then needs to correct those vulnerabilities at the code level. Finally, a comprehensive prevention strategy is needed to fend off future attacks and mitigate current ones.

As a CISO, you understand that application security is important. What steps can you take to avoid a security breach? Read the CISO’s Guide to Application
