Application security best practices: An introduction

The practice of application security (app sec) involves all the measures that organizations take to prevent, detect, and fix vulnerabilities in the software used to run their business.

App sec programs vary in how they are implemented, but the goal is generally the same: reduce application flaws and lower overall risk by making security an integral part of development, integration, and testing rather than an afterthought during the QA phase. The focus is as much on internally developed applications as it is on software from third parties.

A majority of companies in the SANS Institute’s State of Application Security survey claimed to have an app sec program in place. Though only one-quarter of the 475 respondents in the survey described their application security program as “mature” or “very mature,” more than 80% said they had either partially or fully integrated app sec into their risk management, security, and incident response processes. Some 40% required third-party software vendors to follow documented app sec procedures and policies.

