Application security: Difference between revisions
Latest revision as of 04:46, 17 March 2025
Application security refers to the measures and countermeasures taken during the development process to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade, or maintenance. Some of these threats include unauthorized access, code injection, data breaches, and denial of service attacks.
Overview
Application security encompasses measures taken to improve the security of an application, often by finding, fixing, and preventing security vulnerabilities. Different techniques are used to surface such vulnerabilities at different stages of an application's lifecycle, such as design, development, deployment, upgrade, and maintenance.
Types of Application Security
There are several types of application security, including:
- Authentication: This is the process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
- Authorization: This is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines which users are allowed access to the system and what privileges of use they have.
- Encryption: This is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.
- Firewalls: A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
- Antivirus software: This is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
Application Security Testing
Application security testing is a critical component of application security and the wider field of cybersecurity. It can be performed using a variety of methods, including:
- Static application security testing (SAST): This is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the “inside out” in a nonrunning state.
- Dynamic application security testing (DAST): This is a process of testing an application or software product in an operating state. This kind of testing is helpful for industry-standard compliance and general security protections for evolving projects.
- Interactive application security testing (IAST): This technology observes application behavior in real time to identify vulnerabilities. It’s basically a combination of SAST and DAST methods.