Application Security
This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring & IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas.
We will continue to fill out our application security offerings and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing.
Papers and Posts
- Adrian's comments on structured software development security programs and the problems of moving from Waterfall to Agile Software Development.
- How Common Applications Are (Now) the Weakest Link.
- Comments on "Containing Conficker" considers some of the challenges most application developers are up against.
- Immutable Log technologies help with auditing and event trail verification.
- For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product (and, frankly, your happiness as well).
- Separation of Duties, Concept of Least Privilege, and other role-based user security measures.
- The Perils of the Insider Threat.
- PDF Security Pain, and stuff to think about on all script-enabled applications.
- A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools.
Presentations
- This presentation covers Major Enterprise Application Security.
Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.