Application Security
Application security is the use of software, hardware, and procedural methods to protect applications from external threats.
Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.
Helpful terms
Application firewall - a firewall that operates at the application layer: it inspects the traffic of (or the operating-system resources requested by) a specific application and blocks what violates policy, rather than filtering only on addresses and ports. A web application firewall (WAF) that screens HTTP requests before they reach a web application is the common example.
Backdoor - A method of bypassing established authentication or other security processes to obtain access to a system.
Cross-Site Scripting (XSS) - an attack in which attacker-supplied script is injected into pages served by a trusted application or website and then runs in other users' browsers with that site's privileges (access to its cookies, DOM and session), typically because untrusted input was written into the page without output encoding.
Countermeasure - an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, or by limiting the harm it can do.
Encryption - the transformation of plaintext data into ciphertext that cannot be read without the corresponding key.
IP address - short for Internet Protocol address, a numeric address that identifies a host's interface on an IP network and is used to route packets to it.
JavaScript hijacking - a technique in which an attacker's page loads a vulnerable Web application's data endpoint as a script (for example with a <script> tag), so that the victim's browser sends the victim's session cookies and the sensitive response is returned to the attacker's page as executable JavaScript. Applications using Ajax (Asynchronous JavaScript and XML) that return JSON array literals from cookie-authenticated GET endpoints were the classic targets, and when the technique was first documented in 2007 nearly all major Ajax frameworks of the time were found vulnerable.
Router - a networking device that forwards data packets between computer networks.
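As an added example (not code from the original page), the two Web-application terms above in working form: a vulnerable and a hardened HTML renderer for XSS, and a JSON endpoint guarded against JavaScript hijacking. The request and response objects, the header policy, the account data and the response prefix are all constructed for illustration; there is no real HTTP server or browser involved.

```javascript
// Added example, not code from the original page. Requests and responses are
// hand-constructed plain objects; no real HTTP server or browser is involved.

// Encode the characters that can switch HTML parsing context. This is the
// correct encoding for text placed in an element body or a quoted attribute;
// other contexts (URLs, inline JavaScript, CSS) need their own rules.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the untrusted search term is pasted into the page unchanged, so
// a term such as <script>...</script> becomes part of the trusted site's DOM.
function renderSearchVulnerable(term) {
  return `<p>Results for ${term}</p>`;
}

// Hardened: the same page with the untrusted value encoded for HTML text.
function renderSearchSafe(term) {
  return `<p>Results for ${escapeHtml(term)}</p>`;
}

// JavaScript hijacking: a JSON array returned from a cookie-authenticated GET
// endpoint is also valid JavaScript, so a hostile page can load it with
// <script src="https://bank.example/api/accounts"> (assumed URL) and the
// browser attaches the victim's session cookie. Two defences, used together:
//  1. require a header a <script> tag cannot add (or require POST), and
//  2. prefix the body so it is a syntax error when evaluated as script.
const JSON_PREFIX = ")]}',\n";

function handleAccountsRequest(req) {
  // req: constructed { method, headers, session } object
  if (!req.session || !req.session.userId) return { status: 401, body: "" };
  const viaXhr = req.headers["x-requested-with"] === "XMLHttpRequest";
  if (req.method !== "POST" && !viaXhr) return { status: 403, body: "" };
  const accounts = [{ owner: req.session.userId, balance: 1234.56 }]; // constructed data
  return {
    status: 200,
    contentType: "application/json",
    body: JSON_PREFIX + JSON.stringify(accounts),
  };
}

// Only the site's own client code knows to strip the prefix before parsing.
function parseProtectedJson(body) {
  if (!body.startsWith(JSON_PREFIX)) throw new Error("unexpected response framing");
  return JSON.parse(body.slice(JSON_PREFIX.length));
}

// Would this body run if a browser loaded it through a <script> tag?
// new Function parses the text without executing it, which is all we need.
function evaluatesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return false;
  }
}
```

The prefixed body fails to parse as a script at its first character, while the same JSON array without the prefix parses as a valid expression statement; that difference is exactly what the hijacking attack relied on, and the custom-header check stops the cross-origin load before the body is even produced.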
Countermeasures
Different techniques are used to surface security vulnerabilities at different stages of an application's lifecycle, such as design, development, testing, deployment, upgrade, and maintenance.
Actions taken to ensure application security are sometimes called countermeasures. The most basic software countermeasure is an application firewall, which limits which files specific installed programs may execute and what data they may handle.
The most common hardware countermeasure is a router performing network address translation (NAT), which keeps the private IP address of an individual computer from being directly reachable from the Internet. Some basic techniques used in application security are input parameter validation, user and role authentication and authorization, session management, defence against parameter manipulation, exception management, and auditing and logging.
Other countermeasures include conventional network firewalls, encryption/decryption programs, anti-virus programs, spyware detection and removal programs, and biometric authentication systems.
Security measures built into applications and a sound application security routine minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify, or delete sensitive data.