You can’t have a strong security posture when running vulnerable applications. Yet, various recent studies indicate that most applications contain at least one security hole. A study by Checkmarx found that 92% of companies polled had experienced a breach in the preceding year because of vulnerabilities in their homegrown applications.
Addressing these vulnerabilities is critical to preventing sensitive data from falling into the wrong hands. But application security isn’t a one-time task. Rather, it’s an ongoing effort that starts in the conceptual stages of application development, with engineers and developers ensuring their software is secure by design.
The process of securing applications continues after deployment, requiring cybersecurity teams to continuously take measures to prevent unauthorized access, data theft and code manipulation. Patching, updating and ongoing monitoring are critical to keeping applications safe and preventing them from infecting other systems across networks.
Application vulnerabilities include design flaws that allow users to access information for which they aren’t authorized, misconfigurations, third-party components with outdated or weak code, and weaknesses that enable cross-site scripting (XSS), which involves spreading malicious content through web applications.
Organizations have a vested interest in application security because so much of what they do involves software. Depending on its function, an application may contain sensitive data such as customer data, proprietary business information, and confidential employee data. If stolen, these types of data can put individuals, organizations, or both, at risk, which is why they are highly regulated. So, compliance is another important reason to ensure applications are secure.
Application Security Skills in Demand
With so much riding on application security, cybersecurity teams need professionals who have the skills and understanding to identify and address application vulnerabilities and keep their organizations’ data safe.
Skills related to application security are among the most sought-after qualifications for cybersecurity professionals. In the most recent ISC2 Cybersecurity Workforce Study, application security rated fourth among hiring and non-hiring managers, behind cloud computing security; security engineering; and risk assessment, analysis and engineering. This means cybersecurity professionals who understand how to identify vulnerabilities and safeguard applications from unauthorized access and data theft are highly marketable.
ISC2’s new Express Course, Getting Started in Application Security, provides a launch pad for aspiring and current cybersecurity professionals to learn about the activities, skills and roles involved in application security. Learners in this on-demand, one-hour course will earn one CPE credit while receiving instruction on an area of cybersecurity that can either augment their existing knowledge of security or open a path into the profession.
The course covers the activities, skills and roles of application security professionals and how they apply within organizations and in relation to other security domains. When you take this Express Course, you will gain an understanding of an important cybersecurity topic and learn to define application security, identify intersections with other security domains, and participate in activities centered on real-world scenarios.