FAQ (Frequently Asked Questions):

1      Does application security defeat zero-day attacks?
Zero-day attacks come in two varieties: attacks exploiting vulnerabilities in custom applications, and attacks aimed at vulnerable packaged applications for which a patch has not yet been released. An application security solution must detect and defeat both forms of zero-day attack. Defending against zero-day attacks therefore requires a security model that, once implemented, understands the correct behaviour of the application in real time, so that deviations from that behaviour can be detected even when the attack itself has never been seen before.
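As an added illustration of the "security model that understands correct application behaviour" described above (example code added here, not from the original FAQ), the following Python contrasts a signature blocklist, which can only recognise attacks it already knows, with a positive model that allows only what a baseline of expected behaviour describes. The endpoints, parameter shapes and sample requests are constructed, hypothetical assumptions.

```python
import re

# Constructed baseline describing the "correct" behaviour of two hypothetical
# endpoints: which parameters each accepts and what their values may look like.
# A real positive model would be learned from traffic or declared by developers.
BASELINE = {
    ("GET", "/account"): {"id": re.compile(r"[0-9]{1,8}")},
    ("POST", "/login"): {
        "user": re.compile(r"[a-z0-9_.]{3,32}"),
        "pass": re.compile(r".{8,128}"),
    },
}

# Negative model for comparison: a short list of known-bad signatures.
# Anything that matches none of them passes, however unexpected it is.
SIGNATURES = [re.compile(r"(?i)<script"), re.compile(r"(?i)union\s+select")]

def signature_check(req):
    """Blocklist style: deny only values matching a known-bad signature."""
    for value in req["params"].values():
        if any(sig.search(value) for sig in SIGNATURES):
            return "deny"
    return "allow"

def positive_model_check(req):
    """Positive model: allow only requests that match the baseline exactly."""
    profile = BASELINE.get((req["method"], req["path"]))
    if profile is None:
        return "deny"          # endpoint the application never exposed
    for name, value in req["params"].items():
        pattern = profile.get(name)
        if pattern is None:
            return "deny"      # parameter the endpoint never accepts
        if not pattern.fullmatch(value):
            return "deny"      # value outside the expected shape
    return "allow"

def evaluate(req):
    """Return both verdicts so the two models can be compared side by side."""
    return {"signature": signature_check(req), "positive": positive_model_check(req)}

# Constructed sample requests: one normal, one unseen deviation, one known pattern.
NORMAL = {"method": "GET", "path": "/account", "params": {"id": "1042"}}
UNSEEN = {"method": "GET", "path": "/account", "params": {"id": "1042", "debug": "1"}}
KNOWN = {"method": "POST", "path": "/login",
         "params": {"user": "<script>bob", "pass": "hunter2hunter2"}}

if __name__ == "__main__":
    for name, req in [("normal", NORMAL), ("unseen", UNSEEN), ("known", KNOWN)]:
        print(name, evaluate(req))
```

The "unseen" request carries no known-bad signature, so the blocklist allows it, while the positive model denies it because the endpoint never accepted a `debug` parameter.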

2      What is security testing and why is it important?

Security testing is a process that tests a piece of software to ensure its data is adequately protected and the system maintains stability. The steps followed in security testing are:

●     Authentication

●     Authorization

●     Security Configuration

●     Penetration Testing

●     Vulnerability Assessment

Security testing helps identify the loopholes in the system design and code that provide a gateway for unauthorized access and can lead to loss of confidential information through hacking.

3      Why is training important for the SSDLC?

Training is important for the entire team involved in developing the software, so that each member understands their role in the development process and can ensure security at their end.


4      What are the critical areas that one should consider while writing a security requirement?

The four major areas to consider when collecting and writing a security requirements document are:

1      User Management: This refers to the requirements at the user end, such as the security of personal and confidential information.

2      Data Management: This refers to the security of the data that the software stores in its database.

3      Access Control: This refers to authenticating users and controlling what access the various people playing different roles are granted.

4      Auditing: This refers to the requirements for inspecting and reviewing the software in order to find vulnerabilities.