Application security

From WikiMD's Wellness Encyclopedia

Application security refers to the measures and countermeasures taken during the development process to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade, or maintenance. Some of these threats include unauthorized access, code injection, data breaches, and denial of service attacks.

Overview

Application security encompasses measures taken to improve the security of an application, often by finding, fixing and preventing security vulnerabilities. Different techniques are used to surface such vulnerabilities at different stages of an application's lifecycle, such as design, development, deployment, upgrade, and maintenance.

Types of Application Security

There are several types of application security, including:

  • Authentication: This is the process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
  • Authorization: This is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have.
  • Encryption: This is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.
  • Firewalls: A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
  • Antivirus software: This is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.

Application Security Testing

Application security testing is a critical component of application security and the wider field of cybersecurity. It can be performed using a variety of methods, including:

  • Static application security testing (SAST): This is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the “inside out” in a nonrunning state.
  • Dynamic application security testing (DAST): This is a process of testing an application or software product in an operating state. This kind of testing is helpful for industry-standard compliance and general security protections for evolving projects.


Contributors: Prab R. Tumpati, MD