  • The security of an application is not only code review or vulnerability testing
    It is a set of actions and controls applied and verified along
    the whole life cycle of the application.
  • Application security must be demonstrated
    Declaring an application secure without measurable and verifiable evidence
    amounts to an act of faith.
  • The security of an application depends on its business, regulatory and technological contexts
    An application developed to be used in your country
    may not be considered secure if used in another country.
  • Application security should be managed
    Risks change: new threats appear while others disappear.
    Is your application still secure?
  • Application security
    Def.:
    Preservation of confidentiality, integrity and availability of information
    collected, processed, stored and communicated by an application.
  • Security is a requirement
    If you don't require security, you won't get it.
  • Information security
    Def.:
    Preservation of confidentiality, integrity and availability of information
    (ISO/IEC 27000:2013).