Week 1 Blog: Hiya!

Hello, my name is Kailei H. I'm the lovely writer you'll be reading when you come to "Hack what your momma gave you." This blog will be about two things- application security and risk management. Additionally, it might be used to document my development as a security professional.

Recently, I decided to informally research application security. This topic peaked my interest as I'm unfamiliar with this given the nature of how my company handles security. We haven't done a bunch of work around secure coding and how vulnerable the actual apps are, especially given we do in-house coding for our ERP system.

The key thing I've discovered is that we need to have the data classified and tagged as such. The type of security you used and developed with app depends on this so you can't use the principle of least privilege when it comes to access controls. "Based on the classification of the data being processed by the application, suitable authentication, authorization, and protection of data in storage or transit should be designed for the application in addition to carrying out secure coding" (Chakraborty, 2017).

Additionally, this provides some additional benefits. This allows the apps to be developed for exclusive use on various platforms thus allowing the use of the built-in security features (Ashbel, 2017). This is interesting to me especially as the trend grows to move to various cloud-based solutions and allowing mobile devices to perform work.

References:

Ashbel, A. (2017, May 05). The importance of application security in an increasingly connected world. Retrieved November 30, 2017, from https://www.scmagazineuk.com/the-importance-of-application-security-in-an-increasingly-connected-world/article/651314/

Chakraborty, M. (2017, October 25). Application Security vs. Software Security: What's the Difference? | Synopsys. Retrieved November 30, 2017, from https://www.synopsys.com/blogs/software-security/application-security-vs-software-security/