Application Security

Cost of an individual's data - An overview

Enterprise business data is the heart of any enterprise's operations. Personally Identifiable Information (PII) about an individual is similarly sensitive, and losing it is very expensive, which is why every enterprise classifies such data as confidential and invests heavily in protecting it. If PII reaches an unauthorized user, it can lead to identity theft, causing major damage to the individual as well as to the enterprise. This document describes how companies have evolved to safeguard their customer data.

Authored by Ananda Narayanan G
TCS Enterprise Security and Risk Management

Importance of secure coding in operating systems

More security demands more complexity, whatever the scenario. To secure your house, you fit multiple locks and install a camera on the premises. To secure your cell phone, you set a screen lock, fingerprint scanning and multiple levels of authentication. To secure the documents on your computer, you encrypt them. The same holds true for operating systems.

Application Security vs. Time to Market

One of the biggest challenges a security analyst faces is maintaining a balance between application security and time to market.

Both are crucial; if the balance is not maintained, one of them is bound to suffer. Once we agree on this, the next question is how to maintain the balance.

Use Case 1

Security Analyst: scans the application, triages the findings and produces the security assessment report.

Developer: receives the report, works on it, remediates the reported vulnerabilities and plans for re-assessment.

Security Analyst: re-assesses the application and produces a re-scanned, re-assessed report.

Concern: the old vulnerabilities are successfully closed, but the tool has identified a few new issues. These are high risk and, as per organisation policy, must be fixed before production deployment.

Interactive Application Security Testing : Things to know

Vulnerabilities in web applications are a major cause of security breaches and are a constant pain for enterprises. Continuous monitoring of web applications is a hectic process now that organizations are adopting agile delivery to meet business challenges. Traditional DAST and SAST are widely known technologies that make web application security assessments easier to perform.

Where can Unrestricted File Upload lead an Application to?

Unrestricted file upload is a common and serious risk for applications hosted on the internet. Most social networking sites, and applications that include user profile creation, allow end users to upload files of their choice (.img, .mp3, .mp4, .gif and so on) with limited restrictions. If these files are not validated properly, they can put the application or the underlying system in serious trouble.
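The weak check that causes most of this trouble is trusting the client-supplied filename. The following is an added example (not code from the original article) that puts a typical permissive check beside a hardened one for a hypothetical profile-picture endpoint: it validates file size, allows exactly one extension from an allow list (so double extensions such as shell.php.gif are rejected), checks that the content starts with the magic bytes of the claimed image type, scans for embedded script markers, and stores the file under a server-chosen random name. ALLOWED_TYPES, MAX_BYTES and the sample inputs are assumptions constructed for the example.

```python
"""Unrestricted file upload: a permissive check beside a hardened one."""
import os
import re
import secrets

# Hypothetical upload policy for a profile-picture endpoint (assumption).
# The byte prefixes are the standard file signatures of each format.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024

# Constructed sample inputs (not real uploads).
SAMPLE_GIF = b"GIF89a" + bytes(16)
SAMPLE_WEBSHELL = b"<?php system($_GET['c']); ?>"


def vulnerable_accept(filename: str, data: bytes) -> bool:
    """Typical weak check: trusts only the client-supplied filename.

    'shell.php.gif', a .gif that is really PHP, or a .gif that is really
    HTML all pass, and the original name would be reused on disk.
    """
    return filename.lower().endswith((".png", ".jpg", ".gif"))


def hardened_accept(filename: str, data: bytes) -> tuple:
    """Validate the content, not the name.

    Returns (accepted, reason_or_storage_name, detected_type).
    """
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "size out of range", ""
    # Drop any path components the client sent (../../, C:\, ...)
    base = os.path.basename(filename.replace("\\", "/"))
    # Exactly one extension, short alphanumeric stem: double extensions fail
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", base)
    if not m:
        return False, "bad filename", ""
    ext = m.group(1).lower()
    if ext == "jpeg":
        ext = "jpg"
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed", ""
    # Content sniff: bytes must carry the signature of the claimed type
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return False, "content does not match extension", ""
    # Reject script markers hidden after a valid image header. Assumption:
    # legitimate images on this site never contain these byte strings.
    lowered = data.lower()
    for marker in (b"<?php", b"<script", b"<html"):
        if marker in lowered:
            return False, "active content inside image", ""
    # Never store under the client's name: random stem, server-chosen extension
    storage_name = f"{secrets.token_hex(16)}.{ext}"
    return True, storage_name, ext


if __name__ == "__main__":
    print(vulnerable_accept("shell.php.gif", SAMPLE_WEBSHELL))   # True
    print(hardened_accept("shell.php.gif", SAMPLE_WEBSHELL)[:2])  # rejected
    print(hardened_accept("avatar.gif", SAMPLE_GIF)[0])          # True
```

Content validation only closes part of the gap: the stored file should also be written outside the web root (or served from a separate origin with a fixed Content-Type and Content-Disposition: attachment), so that even a file that slips through cannot be executed or rendered in the application's origin.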

Infosec 2016 technical roadmap - Make a choice - Based on your business constraints and technological realities

When we design a security solution, it is important that we understand the business problem, need or opportunity, and base our approach and methodology on it. We also need to optimize the architecture across customer needs, business constraints and technological realities, which means following industry trends and standards from both a business and a technical standpoint.

As a security team, we need to watch technology developments closely to ensure that our organization is positioned to respond effectively to security threats. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution, and maintain a forward-looking perspective on emerging technologies and their relevance to both business and technology strategy.

Crowdsourcing Cyber Security - The Next Generation Penetration Testing

It was a few years ago that I was associated with an e-commerce company as a security consultant for an implementation program. At that time I came to know how important security is for them. All our big bosses, Confidentiality, Integrity and Availability, are equally important for their business. If a data breach happens at any point of time, for example if hackers get access to the saved credit card data, it will have a huge impact on the customers and thereby on their reputation. If the website is down for a few minutes, that will also result in a huge loss.

How effective are security test cases

In security testing, test cases are written to identify the various vulnerabilities in an application that are exposed by improper design or coding issues. Test cases are important for improving the quality of the application: they define which features will be tested. Test cases are effective if they are few in number but have maximum coverage in terms of security.

The following points help make test cases effective.

1. Test cases should consist of simple steps and be easy to understand.

A new tester can execute simple test steps with ease. Test steps need to be transparent so that the purpose of the test case is clear.

2. Test cases should be short.

Challenges in managing an application security program

This article outlines the various challenges in managing an application security program. It will help in identifying the challenges faced in similar projects, so that the PL/PM can work on them upfront and mitigate them early in the project life cycle.

Various challenges are faced during the entire life cycle of an application security program, from getting the applications on time for assessment to delivering the report detailing all the vulnerabilities found. The following section covers these challenges.

Below are some of the challenges faced in an application security assessment program.

Threat Modeling - Identify your threats early

Threat modeling lets us apply a structured approach to security and helps us address the threats with the greatest impact on the application, so that we can systematically identify the threats most likely to affect it. We need a good understanding of our application architecture and how we are going to implement it, so that we can plan countermeasures in a logical order. Including threat modeling in the Software Development Life Cycle (SDLC) therefore helps ensure that applications are developed with security built in from the very beginning.
