Application Classification in Secure Application Development

The Web Application Security Consortium released an interesting paper that emphasises the need for application security classification. It’s always about finding the right security balance.
In order to make effective decisions about security tradeoffs, architects and developers need to calculate the confidentiality, integrity, and availability requirements of their applications. In short, application classification needs to precede secure application development.
The author’s experience in the industry has shown that, while most organizations have policies covering data classification, rarely do they have similar policies on application classification. Developers and architects often have to make assumptions about the sensitivity of the data that they are handling and make architectural and design trade-offs based on these assumptions.
Introducing Application Classification
In order to help solve this problem, organizations should implement a strong application classification program that is linked to application development. Each application is rated “Low”, “Medium”, or “High” on the metrics of Integrity, Availability, and Confidentiality (for definitions of these terms please consult (4)). These ratings are linked with specific security requirements within the organization’s development standards.
Read the full article: The Importance of Application Classification in Secure Application Development
This entry was posted on Thursday, April 19th, 2007 and is filed under Web Applications, Articles.

