Certified Application Security Engineer JAVA Study Guide

Understanding Application Security, Threats, and Attacks

Application Concept

In beginning, websites are designed to be static. These static websites do not offer the number of services and integrated features as dynamic websites we see now days offer, so they were not supposed to require complex security and authentication. Even though, if someone gains the access to the code running on a website, he could only modify the content on the website. Compromising the running code will not lead to compromise the security of entire platform, although these websites require security but comparatively more layers of security are required for dynamic applications.

Today, developing websites and applications are dynamic, i.e. comprised of several integrations with one another. These integrations include databases, APIs, plugins and other entities. These dynamic applications offer different services and features, hence requires higher privileges. Let’s say, if an application has privilege to access the storage of your device, the compromise of such application will compromise the storage too. Best practices and deployment of security devices such as firewalls protect the ports, operating system along with several additional layers of security and defensive techniques to secure these type of dynamic applications.
Now, the World Wide Web is the most dynamic invention having bi-directional communication between server and browser. It requires authentication to access the sites as it bears a lot of sensitive information, privileges to perform tasks & access resources. Web applications bring a lot of facilities to their users integrated with many security threats, attacks, and vulnerabilities. Although, web applications have been developed to make use of it in our daily life to make life easy.

Secure Application

Security of application become a crucial issue due demanding flexible features and services in everyday life. When application fulfills the essence of confidentiality, integrity, and availability across its privileged resources, then it is called as a secure application.
Application can be made secure by authorizing the privileged resources like object, data, feature or function only to the authorized users.

Importance and Need of Application Security

As the world become much more digitalized and socialized; Organizations are developing their own web applications to provide feasibility to their customers, employees, business partners and third party vendors. Rapid involvement of external untrusted parties increases the risk of security and turns the application vulnerable.
Application security is revolving around the attacker and valuable assets. The goal of the attacker is to gain unauthorized access for committing malicious activities through the application server. This can be done by exploiting application vulnerabilities to launch different web attacks. Application level attack are usually intended for effecting the target to a financial loss, disturbing the business continuity, disclosure of information, damaging the reputation or fraudulent transactions.
To build a secure web application, the developer has to identify the goals to achieve, gather security requirements, application threats, vulnerabilities, and their effective countermeasures. Authentication, authorization, auditing, confidentiality, integrity, availability are the fundamental security goals to be satisfied.