Application security assessment is the process by which applications and their performance are analyzed to check whether there are any flaws in design, development or execution that will hamper the function of the application. To assess application security correctly, one must first identify the types of threat faced by the system and also have knowledge of the network and host. One should also recognize vulnerable areas where attacks may be possible and how to counter them in order to minimize risks in the future. The most common types of application security problems involve authentication, cryptography, data tampering, etc.
Sample Application Security Assessment:
The following risk assessment has been made by Tech Know, San Francisco
Name: Cyborg Enterprises Inc
Address: 933 Grace Hill, San Francisco
Objective of assessment: To recognize all the threats, attacks and vulnerable points in a system's applications and suggest measures to counter those risks
- The company’s system applications were examined and their current security methods were found wanting. The assessment was conducted based on the performance of the network, host and application.
Assumptions and limitations:
- There is danger of disclosure of confidential data and unauthorized access to sensitive data
- Network eavesdropping and data tampering have occurred in the past
- Malware attacks are possible and there can be a risk of identity theft in the future
- Automated tools like penetration testing tools and static code analysis tools are used to identify application vulnerability areas
- Security testing must be conducted in a regular and systematic manner