Question

Provide a reflection of at least 500 words (or 2 pages double spaced) of how the knowledge, skills, or theories of Application security have been applied, or could be applied, in a practical manner to your current work environment. If you are not currently working, share times when you have or could observe these theories and knowledge could be applied to an employment opportunity in your field of study.

Answer 1

Application security refers to the security consideration of apps by fixing the security vulnerabilities in them. The tools and techniques of application security are applied during the development stage. However, the process continues even during deployment. Application security is applied by keeping the data secure from being tampered with by the hackers and other malicious users.

It is done by securing the software, tools, procedures, and more than anything else the hardware on which the app is run. The core reason for using application security in applications and systems is to give the organization a sense of safety when it comes to sensitive assets. The security is invoked at the interface.

Application security is used to resemble inside and outside security of the application.

There are different ways to apply application security in practical manner:

1. Infrastructure:

The infrastructure should be known from the inside out. The default settings of the infrastructure in the enterprise can create issues. it can become a target of malicious code. Implementing application security requires appropriate ways to deploy the infrastructure in a safe environment.

2. Components:

All the components whether small or big should be analysed for security requirements. There are many components such as program execution sources that need prevention systems. Other sources such as databases require control and intrusion detection. It can help in preventing malicious traffic from penetrating these systems. During the development phase the issues become more complex and a firewall can be used.

3. Configuration requirements:

There are many configuration requirements needed by apps. However, sometimes it can create problems with audit and installation. It is important to find all the possible errors and loopholes. Because it can be a real challenge in the long run.

4. Tested measures:

It is always advised to use tested measures for security. Most of the time, the validation of application security tools is overlooked. The testing is the foundation for any kind of valuable security settings. It should be addressed properly. For example, if the cloud is being used, open source should be secured. The application topology should be carefully selected. It should be evaluated whether it is a good option for the given application and the organization. External parties should be contracted for the security measures. It can offer the idea of evaluation from experts.

5. Considering migration:

If teams are considering migration of data from the database to third party or cloud source, it is better that offload applications are used. This is because it will help in enabling the efforts on different applications. If a specialist provider is used they can be asked to take responsibility for the same.

6. Cloud-based products:

Application security can be made strong by the use of budgeted purchase of secure products such as hardware. SaaS based offerings often come with security benefits. They require less capital investment and require minimum configuration with installation.

7. Regular monitoring:

No matter what type of application security practice is used, it is essential to keep the monitoring regular. This can help in maintaining balance in the critical times. There are ways to generate alerts as well in case of incorrections. There are many tools that automate monitoring after certain days and generate alerts if there is a security issue. This way, the issue can be addressed at the same time.