Instance of Rating The Threats

   

Added on  2022-08-19

Running head: APPLICATION SECURITY
Application Security
Name of the student:
Name of the university:
Author Note
Executive summary
AST tools help in many ways, such as improving the speed, path coverage and capability of
application testing. The tests conducted scale well and are repeatable. The present research
considers the information security team of a business. The team needs to ensure that all
applications running on premise and in the cloud are secured. The study also evaluates the measures
for the new applications that the team is to create. The assessment is therefore useful for top
management to understand how measures are to be taken and how to implement strategies against any
new kind of attack.
Table of Contents
Introduction
Discussion on the developed application running currently that is vulnerable to the attacks
The new application to be developed
New type of vulnerabilities in future
The ways the apps can refer to every vulnerabilities that are listed in the OWASP top10
The various guidelines and different practices for the secure application development
Explaining how threat modelling is performed for one web application that continues its running on-premise
Conclusion
References
Appendix
Appendix 1
Appendix 2
Introduction:
There are various advantages to using AST tools. They improve the speed, path coverage and
efficiency of application testing. The tests conducted scale well and are repeatable: once a test
case has been developed in the tool, it can be executed against many lines of code at little
incremental expense. The present study considers the information security team of a business. The
team needs to ensure that every application running on premise and in the cloud is secured. The
strategy for the new applications to be developed by the business's development team is analyzed.
This report helps top management understand the measures taken and the strategy for any new type
of attack.
Discussion on the developed application running currently that is vulnerable to the attacks:
The company currently uses a SAST (Static Application Security Testing) tool. This is similar
to white-box or white-hat testing, in which the tester knows information about the software or
system under test, such as the architecture diagram and access to the source code. The SAST tool
examines the source code at rest to detect and report weaknesses that can lead to security
vulnerabilities (Iskandar et al., 2018). A source-code analyzer can run on non-compiled code to
check for defects such as input validation, numerical errors, path traversals, references, pointers
and race conditions. Byte-code and binary analyzers perform the same checks on compiled and built
code. Some tools run only on source code, some only on compiled code, and some on both
(Alzahrani et al., 2017).
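
The following added example (not part of the original report and not any vendor's tool) sketches how a source-code analyzer inspects code at rest for one of the defect classes listed above, path traversal: it parses Python source into a syntax tree and flags `open()` calls whose path derives from a function parameter. The validator name `safe_join`, the sample functions and the `/srv/reports` path are assumptions constructed for illustration.

```python
import ast

SINKS = {"open"}            # file-access sinks this sketch checks
SANITIZERS = {"safe_join"}  # hypothetical validator name (assumption)

def _names(node):
    """Names an expression reads; a sanitizer call counts as clean."""
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in SANITIZERS):
        return set()
    found = {node.id} if isinstance(node, ast.Name) else set()
    for child in ast.iter_child_nodes(node):
        found |= _names(child)
    return found

def scan(source):
    """Return (line, message) findings; the code is parsed, never executed."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = {a.arg for a in func.args.args}  # treat parameters as untrusted
        nodes = sorted((n for n in ast.walk(func)
                        if getattr(n, "lineno", None) is not None),
                       key=lambda n: (n.lineno, n.col_offset))
        for node in nodes:  # source order, so taint follows assignments
            if isinstance(node, ast.Assign):
                dirty = bool(_names(node.value) & tainted)
                for target in node.targets:
                    if isinstance(target, ast.Name):
                        (tainted.add if dirty else tainted.discard)(target.id)
            elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                  and node.func.id in SINKS and node.args
                  and _names(node.args[0]) & tainted):
                findings.append((node.lineno, "unvalidated parameter reaches open()"))
    return findings

# Constructed sample input: one unchecked path and one validated path.
SAMPLE = '''\
import os
def read_report(name):
    path = os.path.join("/srv/reports", name)
    with open(path) as fh:
        return fh.read()

def read_report_checked(name):
    path = safe_join("/srv/reports", name)
    with open(path) as fh:
        return fh.read()
'''
```

Only the first function is reported, because the second routes the parameter through the validator before the file is opened.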