Application Security Opportunities and Insights
Experts Offer Advice on Where Institutions Can Beef Up Efforts and be Compliant
A recent Comptroller of the Currency (OCC) guidance emphasizes the need for stronger application security within financial institutions and their third-party service providers to maintain integrity of data, mitigate true risks and avoid being prime targets for criminal activities. We queried two information security and application security experts, who offered their perspectives on why application security plays such an important part in a financial institution's overall security program.
Focus of Application Security
"Organizations need to build security into their applications by adopting security best practices to be considered and incorporated at every stage of the application development life cycle and by ensuring that security is defined as a requirement in the process," says Jennifer Bayuk, a senior information security management consultant and prior CISO at Bear Stearns & Co., Inc., based in Whippany, New Jersey. For applications that have not gone through the security life cycle process, Bayuk suggests reviewing source code and scanning all components of the web server individually to identify known vulnerabilities. The bottom line: "learn to protect your applications," says Bayuk.
Additionally, Bayuk points out:
Sahba Kazerooni, a senior information security and application professional at Security Compass, an application security consulting company based in New Jersey, shares his insight on challenges seen and experienced: