Application Security

Applications are a fundamental part of everyday business and lifestyle in the modern interconnected world. To ensure your data and information stay safe, you need to implement application security. To secure your applications, first look at your Application Programming Interface (API), which is how you communicate with your application, and ensure that it is designed based on an industry standard, as custom designs sometimes fail to meet security standards. If you are planning to launch a new application, ensure that you run web application vulnerability scans prior to and following production launch; this will help you identify and manage risks associated with vulnerabilities. Lastly, make sure that the code used to develop the application is reviewed to meet security standards. To do this, you can manually or automatically review an application's source code and search for security threats and weaknesses.

Control Objective

  • Application Programming Interfaces (APIs) are developed according to industry standards
  • Web application vulnerability scans are performed prior to and following production launch and vulnerabilities are addressed
  • Code is reviewed in accordance with industry best practices

Resources

Canadian Centre for Cyber Security - Patch OS and Applications Video Series

Open Web Application Security Project (OWASP) - Web Application Security Testing