Topic FAQ's
- Code Audit
- Security Audit
- Application Security Vulnerabilities
- Code Analysis
- Application Security Testing & Assessment
- Secure Application Programming
- Software Assurance
- Code Review
- Web Application Security
- Source Code Security
- Software Security Assurance Glossary
Code Audit
Highlights include:
- Auditing source code for security vulnerabilities in the development life cycle
- Common techniques for conducting source code audits
- Effectiveness of code auditing techniques
- Conducting code audits for outsourced applications
Security Audit
Highlights include:
- Key components of an application security audit
- Addressing IT risk with application security audits
- Role of application security audits in achieving regulatory compliance
- The Executive's role in assuring application security in the organization and IT security audits
- Application security audits in regulations and best practices frameworks such as:
- Sarbanes-Oxley
- CoBIT
- ISO 17799
- Determining methods and resources to implement security audit in the development lifecycle
Application Security Vulnerabilities
Highlights include:
- Causes of application security vulnerabilities
- Identifying applications that could contain security vulnerabilities
- The most common application vulnerabilities that compromise information security
Code Analysis
Highlights include:
- Why it is critical for organizations to perform source code analysis on their applications
- Who benefits from source code analysis results in the organization
- Examples of application vulnerabilities that source analysis tools are able to detect
- Benefits of manual source code analysis
- Benefits of automated source code analysis
Application Security Testing & Assessment
Highlights include:
- Application security testing and assessment as part of managing software risk
- How to perform an application security assessment
- Procedures for security assessment of applications already in production
Secure Application Programming
Highlights include:
- Building secure programming into application development process
- Using automated code analysis tools as an aid in setting secure programming standards
- Defining responsibility for application security
Software Assurance
Highlights include:
- Defining software assurance
- Importance of implementing software assurance for security
- How Ounce software aids in the software assurance process
Code Review
Highlights include:
- Peer review vs. "security" code review
- Manual code review as a method of reviewing source code for security vulnerabilities
- Building security code reviews into the software development lifecycle
Web Application Security
Highlights include:
- How the security of web applications is compromised
- Web application security's role in regulatory compliance
- Technologies available for web application security
- Benefits of implementing web application security early in the development cycle
Source Code Security
Highlights include:
- Ensuring source code security within applications
- Achieving source code security with the help of automated source code analysis tools
- Integrating source code security testing into the development process without causing significant delays in the schedule
- Top source code security vulnerabilities
Software Security Assurance Glossary
Glossary covering most common application security terms.