
Application Security

Dark Reading
Products and Releases

New Information Security Forum Research Highlights Application Security Best Practices

Latest Report Describes How Application Risk is Increasing and Why Managing Risk is Critical

NEW YORK – September 22, 2015 – As the information explosion continues, applications are proliferating and becoming increasingly diverse – moving from mainframes and servers to clouds, smartphones, wearables and other devices. In an effort to better prepare organizations for the risks associated with applications, the Information Security Forum (ISF) today announced the launch of Application Security – Bringing Order to Chaos, the organization's latest report, which describes how application risk is increasing and why managing risk is critical, given the impacts organizations are experiencing and their reliance on applications.

From their earliest days, applications provided automation and efficiency, helping organizations run business processes and back office functions quickly, inexpensively and at scale. But today, the ability to create applications, once exclusive to vendors and in-house programmers, has become routine. Applications are increasingly vital to mission-critical product and service delivery in all sectors, such as running manufacturing lines, checking passports at the border, executing financial transactions and distributing energy. But, despite their best intentions, many organizations are failing to apply good practice consistently across the application life cycle, leaving gaps that expose the organization to risk.

“Modern applications are written in multiple languages and run on myriad devices. They can be obtained in minutes with a credit card – then loaded with sensitive business information, often bypassing good security, governance and procurement practices,” said Steve Durbin, Managing Director, ISF. “Organizations no longer have the luxury of managing a handful of applications. Today’s portfolios contain thousands of diverse applications that complicate lines of responsibility and introduce unknown risk.”

Chief Information Security Officers (CISOs) acknowledge the need to address application risk, yet many are not doing so. Moving forward, organizations of all sizes must identify and resolve the organizational barriers that impede application risk management. Application Security – Bringing Order to Chaos equips ISF Members to improve governance and risk management across the application life cycle. It does this by:

  • Articulating the magnitude of application risk
  • Providing practical guidance on how organizations can overcome operational barriers with clear governance, better communications, the right skills and actions to address immediate risk
  • Setting out an approach that incrementally improves application risk management and embeds good practice across application portfolios

“Best practice guidelines to reduce the risk of attacks are available, and they work,” continued Durbin. “But, application risk needs to be governed effectively; otherwise good practice will be applied inconsistently across the application life cycle, leaving risk unmanaged. Organizations that do not secure their applications will continue to present themselves as easy targets, thus leaving them open to certain reputational damage and financial loss.”

The ISF Application Security Framework is central to the ISF approach to addressing application risk and has been developed to help organizations improve security at all stages of the application life cycle. The framework is a structured, comprehensive set of twenty-seven best practice guidelines, derived from leading practice, expert input, reputable standards and other guidance. It is supported by an iterative approach for use by ISF Members to address immediate risk and incrementally improve information security across their application portfolios. For more information, please visit the ISF website.
