Application Security

---

Goals

• Define application security, including software development vulnerabilities, web security, and database security
• Identify application security tools, including sniffers, web application analysis tools, and fuzzers
• Align account permissions configurations for operating systems, applications, and databases with the principle of least privilege
• Identify elements of risk management in policies and procedures
• Categorize cybersecurity principles and defense concepts according to area of impact
• Identify password security best practices
• Classify security principles and actions according to the types of attacks they mitigate or eliminate
• Identify the key information or critical fields to be analyzed, using a range of cybersecurity tools to determine vulnerabilities or possible attacks
• Classify cybersecurity tools according to the type of vulnerability they find/identify
• Classify attacks according to the cybersecurity concept or principle that was violated
• Identify the types of assets or resources that can be secured
• Categorize security principles and cyber defense concepts according to the type of asset or resource needing protection
• Classify threats and attacks according to what leg of the CIA triad is targeted

Sources of Application Vulnerabilities

• Software Development Vulnerabilities
• Web Application Vulnerabilities
• Database Vulnerabilities

Application Security Tools

• Packet Sniffers
• Web application analysis tools
  • typically search for common flaws like XSS or SQL injection
  • have high rates of false positives
  • E.g.
    • OWASP Zed Attack Proxy (ZAP)
    • Burp Suite
• Fuzzers