Application security - definition & overview

Application security is a catch-all term that encompasses any security measures deployed at the application level of an organization's technology stack. Application security can have hardware, software and procedural components that work together to prevent sensitive data or confidential code from being stolen by cyber attackers.

Application security incorporates elements of network security, content security and endpoint security to ensure that an application and its contents are safe from cyber-attacks. Today's applications must be continuously monitored to ensure their security status is adequately managed. This is especially true for applications that are accessed via the internet. Web-based content management systems, database tools and SaaS applications are attractive targets for cyber attackers for three reasons:

1. They often contain sensitive data, including medical records or credit card information that can be stolen by infiltrating and manipulating the source code.
2. The complexity of web-based applications today increases the probability that cyber attackers can find a vulnerability within the code.
3. Attacks can be scripted, automated and delivered against many targets at once, especially with the use of botnets.

To secure their web applications against cyber attacks, application security experts engage in a four-stage, iterative cycle of application security management.

Assess - Security analysts assess the current security posture of the application by discovering the servers hosting the application and related databases, testing the configuration to determine whether any vulnerabilities exist, evaluating the risks associated with the vulnerabilities and examining how the data and applications are used. This assessment determines what types of security controls should be implemented to mitigate known vulnerabilities.

Set policies and controls - Once analysts have fully assessed the security of an application, the next step is to implement remedial policies to compensate for known vulnerabilities. New policies and controls can include a variety of different countermeasures, including hardware or software implementations and authentication procedures.

Monitor and enforce - Once new policies and controls have been deployed to help manage application security, security analysts must continually enforce the policies while monitoring the usage of the application and database to ensure that the new controls are not negatively impacting users. If an organization is working towards compliance with a published data standard, it needs to have a comprehensive audit process that can be used to independently verify data activity and integrity.

Measure - Security analysts measure the performance of their implemented security controls against defined KPIs to determine whether the implemented policies are adequately protecting the application. The measurement of application security also includes an analysis of security events to assess how the implemented countermeasures function in the event of an actual or simulated cyber attack.

Application developers can implement a variety of security controls to protect web or cloud-based applications from cyber attacks. This list of application security controls and countermeasures includes a selection of the most common tools and techniques that security analysts and developers may implement.

Network firewall - A network firewall is not technically an application layer countermeasure, but they do play an important role in stopping certain types of cyber attacks. A network firewall controls access to a secured local area network, protecting it from unauthorized access and controlling inbound and outbound communications concerning the network.

Web application firewall - Application firewalls are positioned closer to the application than network firewalls and are instrumental as countermeasures against several common types of security threats, including SQL injection attacks, cross-site scripting (XXS) attacks and Distributed Denial of Service (DDoS) attacks.

Encryption - Encryption is a data security countermeasure that encrypts sensitive data at the application level to ensure that only authorized parties can read it. When encryption is implemented at the encryption layer, security analysts ensure that sensitive data is protected before it is moved to storage in a database or cloud environment.

Access controls - Access controls are a procedural tool used by security experts to minimize the risk of unauthorized access to the sensitive data contained within an application. The basic premise of access control is to ensure that the identity and authorization status of a user is duly authenticated before they can be permitted to access sensitive data. Organizations may also use physical tools to limit application access, such as restricting and monitoring access to the server room where the application database is hosted.

SSL inspection - SSL inspection is a type of security tool that investigates encrypted web traffic between the application and the internet to determine whether those communications may contain viruses or malware.

Software developers use different types of application security testing tools to evaluate the security posture of their software at various points in the development life cycle.

Static testing is used by software engineers to analyze code that is in development and ensure that security vulnerabilities are not being introduced. Dynamic testing tools analyze running code, simulating attacks on the production environment and collecting data on the results for security analysts to review. There are also interactive testing tools for app developers that combine elements of both dynamic and static testing.

As IT organizations deploy an increasing number of software applications in hybrid cloud environments, there is a growing need to consolidate security monitoring into a single platform that offers transparency and visibility of security throughout the entire network. With Sumo Logic, event logs are aggregated from all applications on the network into a single platform where they can be monitored, measured and reviewed to improve the security of all critical applications.