APPLICATION SECURITY:
DETER, DETECT AND PREVENT
As application systems become more distributed, inter-dependent, and virtualized, security risks multiply and network-based security protections can’t keep up. Developers must start building security protections into the applications and data resources themselves in order to thwart attackers, prevent fraud, and deter, detect or prevent insider threats.

Application security starts with secure code. Security best practices must be instilled into the software development lifecycle (SDLC) and architecture frameworks to make applications and security services less vulnerable.

This Cross-Cutting Concern will address:
- How to develop a holistic architecture spanning applications, security, strong identity proofing and privacy provisions.
- Superplatform security capabilities and gaps, security management suites, application security support, and other market categories in the space.
- Security architectures encompassing application security frameworks and web services security frameworks.
- Application firewalls, intrusion detection and vulnerability management technologies.
- Leveraging WS-Security, WS-*, SAML and other protocol specifications.
- Compliance requirements and market progress on improving encryption of data, database security, backup media security, and data retention/disposal issues.