Application Assurance
Neal Ziring, Information Assurance Directorate, National Security Agency
OWASP AppSecDC 2010
Importance of Application Security
Applications have become the primary target of attacks.
• Apps are numerous and highly diverse.
• OS and platform security improvements have helped push attackers up the stack.
[Diagram: a stack with Applications at the top (many, volatile) above Platforms, OS, and HW at the bottom (few, stable)]

Importance of Application Security
Applications have become the primary target of attacks.
• Applications, including externally exposed services, interact directly with critical data.
• Attackers focus on applications because they offer the best access to valuable information and functions.
[Diagram: several applications on a platform, surrounding enterprise mission data]
Application Assurance
[Diagram: Application Assurance at the centre, connected to the surrounding applications through Resilience, Visibility, Governance, Management, and Policies]
Application Assurance in the Lifecycle
[Diagram: lifecycle ring; only the Retirement phase label survived extraction. The practices around it, in lifecycle order:]
• Understand the key legal, regulatory, and privacy constraints that apply to the application
• Design for visibility and management
• Don’t write new security code; use OS, platform, and library services
• Include security testing from unit test onwards
• Stress-test security functionality
• Audit intelligently to support visibility and facilitate continuous monitoring
• Retirement: plan for secure decommissioning
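As an added illustration (not part of the original slides, and not NSA code), the following Python shows three of the lifecycle practices above applied to one small credential-check component: security functionality built from OS and library services (the stdlib KDF, CSPRNG and constant-time comparison) rather than hand-rolled code, security checks that run at unit-test level and a stress test of the parsing path, and a structured audit record for every decision so monitoring can consume it. All function names, the iteration counts and the in-memory AUDIT_LOG are assumptions made for the example; the log list stands in for a real log pipeline.

```python
"""Added example (not from the talk): library security services, security unit
tests, a parser stress test and audit records for one credential-check component.
Names, iteration counts and the in-memory AUDIT_LOG are illustrative assumptions."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, List, Optional

# Assumption: 100_000 iterations keeps the example fast; take the real value from
# platform guidance. The cap stops a tampered record from forcing a huge KDF run.
PBKDF2_ITERATIONS = 100_000
MAX_ITERATIONS = 10_000_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a stored credential with the stdlib KDF and CSPRNG; no custom crypto."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """True only for a well-formed record whose derived key matches.
    Malformed input is a failure, never an exception; comparison is constant-time."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or not 1 <= iterations <= MAX_ITERATIONS or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)  # library service, not a hand-rolled ==


AUDIT_LOG: List[Dict] = []  # constructed stand-in for a log shipper / SIEM feed


def audit(event: str, **fields) -> Dict:
    """Emit one structured record per security decision for continuous monitoring."""
    record = {"ts": time.time(), "event": event, **fields}
    AUDIT_LOG.append(record)
    return record


# Credential checked for unknown users so the rejection path still runs the KDF.
_DUMMY = hash_password(secrets.token_hex(16))


def authenticate(user: str, password: str, store: Dict[str, str], src: str) -> bool:
    """Check a login against the credential store and audit the outcome either way."""
    stored = store.get(user)
    matched = verify_password(password, stored if stored is not None else _DUMMY)
    ok = matched and stored is not None
    audit("auth.login", user=user, ok=ok, src=src)
    return ok


def security_unit_tests() -> Dict[str, bool]:
    """Security behaviour exercised at unit level, alongside the functional tests."""
    before = len(AUDIT_LOG)
    store = {"alice": hash_password("correct horse")}
    return {
        "accepts_valid": authenticate("alice", "correct horse", store, "10.0.0.5"),
        "rejects_wrong": not authenticate("alice", "wrong", store, "10.0.0.5"),
        "rejects_unknown_user": not authenticate("mallory", "correct horse", store, "10.0.0.9"),
        "salts_differ": hash_password("x") != hash_password("x"),
        "malformed_record_is_false": verify_password("x", "pbkdf2_sha256$notanumber$zz$qq") is False,
        "oversized_iterations_rejected": not verify_password("x", "pbkdf2_sha256$999999999999$00$00"),
        "every_decision_audited": len(AUDIT_LOG) == before + 3,
    }


def fuzz_verify(rounds: int = 500) -> int:
    """Stress the record parser with random input; return how many calls raised (expect 0)."""
    alphabet = "0123456789abcdef$pbkdf2_sha56-x "
    raised = 0
    for _ in range(rounds):
        junk = "".join(secrets.choice(alphabet) for _ in range(secrets.randbelow(40)))
        try:
            verify_password("pw", junk)
        except Exception:
            raised += 1
    return raised


if __name__ == "__main__":
    print(json.dumps(security_unit_tests(), indent=2))
    print("fuzz exceptions:", fuzz_verify())
```

The point of the check list is that each security property (constant-time comparison, salted storage, graceful rejection of malformed or hostile records, a log line per decision) is asserted from the first unit test run rather than left for a penetration test at the end; the fuzz loop is a small instance of stress-testing the security functionality itself.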
Emerging Application Security Challenge Areas
• Mobility and mobile applications
• Cloud computing
• Web 2.0 and composable web services
• “Smart things”
• Trusted Computing
Wrap-up
• The role of application developers is changing: they have become the first line of defense for the mission.
• Recommendations:
  • Incorporate security into the entire application lifecycle
  • Reducing vulnerability is necessary but not sufficient
  • Consider resilience, governance, visibility, and management
  • Use platform, OS, and library security services wherever possible
  • Test security in all facets of testing