Fundamentals of Application Security

This paper presents trends in the attack landscape, the attacker mindset, the concept of software security risk, and the need to manage this risk as an organization. It also presents common and dangerous misconceptions that lead to a false sense of security, including: client-side security does not exist, QA is not security testing, the application is not the network, tools are not solutions, patches do not guarantee security, and all software applications have bugs. Finally, it describes specific principles that help guide design, coding and implementation decisions.

Provided by: Security Innovation
Topic: Security
Date Added: Jan 2012
Format: HTML
