Application Security

The recent past has seen dramatic and systematic changes in the landscape of application software and tools in medium and large organizations. Organizations are investing in increasingly modern software platforms to improve business reach and profitability and to retain their competitive advantage. Most applications, whether traditional client-server, web or mobile, are exposed not only to employees but to contractors and third parties as well.

The changing application landscape throws up fresh challenges for organizations across the globe in securing the data that resides in their systems as well as the data that flows through their networks, because of lacunae in configuration, deployment or even the application source code itself.

It is a misconception that only organizations with internet- or intranet-based applications are at risk from cyber threats. Cyber threats can emerge from internal as well as external sources.

Circa 2014

  • An online attack on Sony Pictures Entertainment (SPE) resulted in the theft and publication of sensitive employee personal data and corporate communications.
  • Chase suffered a breach that affected 76 million households and 7 million small businesses.

Circa 2016

  • A Bangladesh Bank official may have been involved in the theft of $81 million from its account with the New York Federal Reserve Bank.

Application security is not a one-time exercise; it is an ongoing process, with some components embedded in day-to-day practices and usage and others executed at periodic intervals. Robust, evolving processes and tools are key to successful application security in any organization.

At Futuretech we have adopted leading security standards (ITIL, COBIT, ISO 27K, PCI DSS) to build a comprehensive methodology and toolkit for application security, with eight major steps and coverage that includes traditional, web and mobile applications.

  • Application Inventory
    • Complete inventory (systems & sub systems) that covers online and offline data usage
    • Third Party plug-ins
    • Touch Points
  • Assessing Potential Risk
    • Internal Threats
    • External Threats
  • Identify & Prioritize Gaps
    • Create an Organizational Application Risk Score
  • Risk Rating Model
  • Align Security Processes
  • Implement Controls
  • Rollout Secure Environment
    • Configuration Management Tools
    • Streamlined Processes
    • Awareness & Training
  • Select and Deploy - Application Security Tools
    • SAST - Static Application Security Testing Tools
    • DAST - Dynamic Application Security Testing Tools
    • Fuzz testing tools to Identify
    • IAST/RASP - Instrumented / Runtime Application Testing Tools
    • Vulnerability & Penetration Testing Tools
    • SCA - Software Composition Analysis Tools