Web application security is one component of an overall IT security program. A web application is any form of application or service that is accessed through a web browser, or at least relies on the internet to deliver services.
When we look for vulnerabilities specifically within a web application, this is often done within the context of a wider system vulnerability assessment – though such assessments can also cover only one specific application (especially if it is critical to normal operations).
A web application vulnerability assessment may include:
- Identifying exceptions (within the application) to the security policy of the underlying system.
- Identifying security flaws based on the design, development, deployment, upgrade, or maintenance of the application.
- Analyzing, classifying, and prioritizing assets within the application.
- Identifying security vulnerabilities within the application.
- Determining what attack vectors can exploit these vulnerabilities.
- Suggesting safeguards and/or countermeasures that remove or mitigate those risks.
Purpose of a Web Application Security Scan:
Information gathered from a web application vulnerability assessment should be used to improve web application management, so as to provide a better system design and risk mitigation strategy.