Application Classification in Secure Application Development

The Web Application Security Consortium has released an interesting paper that emphasises the need for application security classification. It's always about finding the right security balance.

In order to make effective decisions about security tradeoffs, architects and developers need to calculate the confidentiality, integrity, and availability requirements of their applications.  In short, application classification needs to precede secure application development.
The author’s experience in the industry has shown that, while most organizations have policies covering data classification, rarely do they have similar policies on application classification.  Developers and architects often have to make assumptions about the sensitivity of the data that they are handling and make architectural and design trade-offs based on these assumptions. 
Introducing Application Classification
In order to help solve this problem, organizations should implement a strong application classification program that is linked to application development.  Each application is rated “Low”, “Medium”, or “High” on the metrics of Integrity, Availability, and Confidentiality (for definitions of these terms please consult (4)).  These ratings are linked with specific security requirements within the organization’s development standards.

Read the full article : The Importance of Application Classification in Secure Application Development
