What is Application Security?
Application security is the set of characteristics that enables a software system to resist attempts to subvert it.
Application security is a concern for every software product regardless of the size of the development team or its ultimate deployment environment.
How do we get Secure?
Security comes from proper development processes, from the proper application of tools, and often with the help of security experts. It is not “one size fits all.” These efforts need to be aligned with the development team and with the nature of the product.
The AppSec Program
Application security will not happen by accident. This site provides resources to support the design and evaluation of right-sized application security programs. It is not about implementation details. It does not try to dive into the details of how to make a C++ or Java application secure or how to secure an AWS application.
Organization of Material
The About page provides a little background on the motivation and how the material relates other ‘high level’ application security discussions. The core of the material starts with an outline of what an application security program looks like: Key Elements of the Program, It wraps up with a discussion of specific line items for the program: Right-Sizing. In-between are a number of Details pages that provide additional background. Different “security topics” are briefly reviewed and numerous external references are provided to support digging deeper.