Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The strategies and methodologies of computer security often differ from most other computer technologies because of its somewhat elusive objective of preventing unwanted computer behavior instead of enabling wanted computer behavior.
Application security
Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive data. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.
Actions taken to ensure application security are sometimes called countermeasures. The most basic software countermeasure is an application firewall that limits the execution of files or the handling of data by specific installed programs. The most common hardware countermeasure is a router that can prevent the IP address of an individual computer from being directly visible on the Internet. Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs, and biometric authentication systems.
Application security can be enhanced by rigorously defining enterprise assets, identifying what each application does (or will do) with respect to these assets, creating a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the actions taken in each case. This process is known as threat modeling. In this context, a threat is any potential or actual adverse event that can compromise the assets of an enterprise, including both malicious events, such as a denial-of-service (DoS) attack, and unplanned events, such as the failure of a storage device.
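As an added illustration (not from the glossary entry or from any project), the following Python sketch walks through the threat-modeling steps listed above: assets, what the application does with them, a per-application security profile, prioritized threats, and a record of adverse events with the action taken. The application name, assets, threats and scores are constructed placeholders.

```python
"""Added example: a minimal threat-modeling record following the process
described in the text. All names and scores below are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Threat:
    name: str
    kind: str        # "malicious" (e.g. DoS) or "unplanned" (e.g. disk failure)
    likelihood: int  # 1 (rare) .. 5 (expected)
    impact: int      # 1 (negligible) .. 5 (severe)

    def risk(self) -> int:
        # Simple likelihood x impact score used only for prioritization.
        return self.likelihood * self.impact


@dataclass
class Application:
    name: str
    asset_usage: dict  # enterprise asset name -> set of operations on it
    threats: list = field(default_factory=list)
    adverse_events: list = field(default_factory=list)

    def security_profile(self) -> dict:
        """Which enterprise assets the app touches and how (step 3 of the process)."""
        return {asset: sorted(ops) for asset, ops in self.asset_usage.items()}

    def prioritized_threats(self) -> list:
        """Highest risk first; ties broken by name so the order is stable."""
        return sorted(self.threats, key=lambda t: (-t.risk(), t.name))

    def record_event(self, threat_name: str, action_taken: str) -> None:
        """Document an adverse event and what was done about it (step 5)."""
        self.adverse_events.append({"threat": threat_name, "action": action_taken})


def build_model() -> Application:
    # Constructed sample data for one hypothetical customer-facing web app.
    app = Application(
        name="order-portal",
        asset_usage={"customer_db": {"read", "write"}, "invoice_store": {"read"}},
    )
    app.threats += [
        Threat("denial of service", "malicious", likelihood=4, impact=3),
        Threat("storage device failure", "unplanned", likelihood=2, impact=5),
        Threat("session hijacking of customer_db users", "malicious", likelihood=3, impact=5),
    ]
    app.record_event("storage device failure", "restored invoice_store from nightly backup")
    return app
```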
This was last updated in January 2006
Application security
Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.
Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.
The Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC) publish updates on the latest threats that impair web-based applications. This helps developers, security testers, and architects focus on better design and mitigation strategies. The OWASP Top 10 has become an industry norm for assessing web applications.