Application Security & its Phases

Application security is the process of developing, adding, and testing security features in applications to prevent vulnerabilities such as unauthorized access and modification.

For example:

Application security verification, licensing, encryption, access, and testing are examples of application security features. Developers can use code to mitigate security vulnerabilities in applications.



There are three phases of application security:

Phase I: GRASP




Most leaders think safety is about proactivity, but it’s really about loyalty. Many organizations are moving towards security by reducing the number of concrete actions required to reach a safe harbor. While many of these tasks are important, the organization needs to understand what needs to be accomplished and why before taking the appropriate actions.

Organizations often want to take direct action without first making a plan. The Cheshire cat in Alice in Wonderland said, “If you don’t know where you are going, any road will take you there.” The purpose of the GRASP section of the business plan is to determine where you are headed, why this trend matters, and how to address it.

In my presentation at CSS North America, I will explain this concept in detail and explore the key aspects of this business plan including:

  • Define Your Goal
  • Understand the Business Context
  • Implement Threat Model


Most leaders believe safety is in the process, but it’s really about self-determination. Many organizations get caught up in what I call the “delivery trap”, where the organization specifies certain regulatory details and then verifies that it adheres to that framework.

However, security models based on reference lists are inherently flawed, as they do not take into account micro and other features specific to that organization; therefore, even the “compatible” system will have holes in security mode. Instead, organizations should focus on process-based compliance rather than due diligence. This requires the organization to understand how to attack systems, identify potential vulnerabilities, and decide how to correct those deficiencies.

During our talk we will explore the main functions of this phase, including:

  • Break Security Features
  • Chain Vulnerabilities
  • Strategize Mitigations


Most leaders think of safety as education and “being in good health”. Businesses often want to keep a record of the security of their systems that can be used for marketing and sales. But he thinks security is immutable and security is real. Attackers will evolve, attack strategies will be invented, market conditions will change, and technology will repeat itself.

All these developments are fundamentally changing the disaster model and conflict environment and the organization must adapt accordingly. To be successful, organizations must continually educate, train and nurture themselves.

In our talk we will explore the key features of this chapter, including:

  • Reassess System
  • Study Attack Evolution
  • Update Security Models
