Application Security Assessment is designed to identify and assess threats to the organisation through bespoke, proprietary applications or systems.
These applications may provide interactive access to potentially sensitive materials, for example:
It is vital that they be assessed to ensure, firstly, that the application doesn’t expose the underlying servers and software to attack and, secondly, that a malicious user cannot access, modify or destroy data or services within the system.
Even in a well-deployed and secured infrastructure, a weak application can expose the organisation’s critical data to an unacceptable risk.
Web and Application Server Misconfiguration
Web server and application server configurations play a key role in the security of a web application. These servers are responsible for serving content and invoking applications that generate content. In addition, many application servers provide a number of services that web applications can use, including data storage, directory services, mail, messaging and more.
Frequently, the web development group is separate from the group operating the site. In fact, there is often a wide gap between those who write the application and those responsible for the operations environment. Web application security concerns often span this gap and require members from both sides of the project.