Top technologies / solutions available for Application Security

Applications can be broadly classified into three categories, viz. thick client applications (client/server), web applications (accessed over the Internet or an intranet) and mobile applications. Thick client applications are increasingly becoming obsolete.

Today most client-server applications are web and mobile enabled, which exposes them to the wild Internet. Application security has therefore assumed paramount importance from the following viewpoints:

  • Access to applications and web services (Access controls and Identity & Access Management)
  • Availability of applications based on the criticality of the application to the organization’s normal business operations. It is therefore important to protect web applications from malicious attacks. Most organizations have realized that the security posture of these mission-critical applications must be constantly reviewed and that vulnerabilities must be fixed based on the risk they pose. As a result, we increasingly see customers requesting Vulnerability Assessment & Penetration Testing on a periodic basis. (Vulnerability Assessment & Penetration Testing are key service requirements for web application security.)

  • Web application firewalls combined with threat intelligence are increasingly being deployed to perform deep packet inspection of network traffic and address the risk associated with malicious network traffic.
  • Recently, clients are increasingly performing source code security reviews to address security vulnerabilities during the development stage itself, so there is a growing need for low-cost source code analysis tools. Currently, source code security review with automated tools is prohibitively expensive for small projects. Static code analyzers with low cost and low false positive rates are the need of the hour to address most security vulnerabilities during the development stage of a solution or product.
  • For mobile applications security, most of the clients are looking at performing mobile application penetration testing and source code security review through automated tools and expert analysis.

Pros and cons of the different types of available technologies / solutions

Identity & Access Management Solutions: While IAM streamlines provisioning and revoking access to applications in a seamless fashion, rollout is a long-drawn affair. Each organization and its structure is unique. A successful rollout of an IAM solution, and the integration of heterogeneous applications into it, requires commitment and dedicated focus from top management. These are usually very expensive solutions that require large budgets. They also require very experienced domain experts in IAM implementation and the involvement of the business.

Vulnerability Assessment & Penetration Testing (VAPT): Provides the benefit of constant assessment of the security posture of mission-critical applications and helps in addressing the risks associated with ever-evolving threats. Many organizations consider that VAPT can effectively help them identify threats and associated risks and prioritize remediation based on risk levels.

Source Code Security Analysis: Very effective if properly done.

Web application firewalls and Threat Intelligence: Effective in addressing malicious network traffic. While rollout timelines are short, these are very expensive solutions. Suitable where the solutions do not have appropriate support to fix vulnerabilities at the application level and there is a tactical need.

Choosing the right technology

The following are the major areas that CISOs should focus on when selecting the right product/solution:

  • Out-of-the-box features supported by the product and the ability to integrate with SIEM solutions to help generate real-time or near real-time security alerts on security incidents or attempts at exploitation
  • Easy to deploy, configure, administer and maintain. Complexity in security solutions reduces their effectiveness and adoption
  • Last is the cost. It should justify the risks the product can address and mitigate.
  • Support and future roadmap

- By N. Nataraj, CIO, Hexaware Technologies Pvt. Ltd.
