How Tenable Can Help

Leveraging Tenable Vulnerability Management (formerly Tenable.io) and Tenable Web App Scanning (formerly Tenable.io Web Application Scanning) solutions enables organizations to close attack paths, making the organization a more difficult target to attack. Web application scanning is also available as an on-premises solution, seamlessly integrated into Tenable Security Center. This empowers all customers, regardless of deployment preference, to enhance their security posture and protect against web app vulnerabilities. Tenable solutions provide organizations the data needed to identify and evaluate exposures in the environment. Tenable Vulnerability Management provides a platform approach to a risk-based view of the organization's information technology, security and compliance posture. Tenable Web App Scanning, a component of Tenable Vulnerability Management, helps security teams understand the page structure and layout of web applications. Tenable Security Center is an on-premises solution that provides a risk-based view of the organization's information technology, security and compliance posture.

Application security is the process used to enhance the security of application code to protect against threats during all phases of development. An effective application security program goes beyond just evaluating code and includes all the security measures at the application level to prevent data loss, unauthorized access, or modification. The application security process encompasses not only the application design and development phases for custom applications, but most importantly the approaches to protect applications after they are deployed, regardless of whether they are commercial products or developed in-house.

Applications are the components that drive business objectives; they are often available over internal and external networks and connected to the cloud. Often, device security comes in second place to developing features to perform a required business function. Attackers typically do not gain access to sensitive data by physically attacking hardware. Most data breaches occur because a particular application or operating system had a weakness or vulnerability that allowed an attacker to gain access to the device.

Application security includes anything that identifies or minimizes security vulnerabilities in the application, including hardware, software, and any procedures such as regular testing. Web application security is of special importance since web applications are designed to be available to anyone on the networks they are connected to, which usually includes the entire internet.

This guide provides a detailed approach to application security and includes information to address key focus areas such as:

  • Vulnerability Management – The identification of software inventory, trusted applications/components, identification of unsupported/end-of-life/out-of-date software, and the prioritization and remediation tracking of these vulnerabilities.

  • Ports and Services – The identification of ports and services.

  • ID Management – The identification of privileged accounts, user access, default accounts, and the use of proper encryption.

  • Server/Application Hardening – The audit of the configuration of the underlying operating system and applications to defined and established standards, such as the CIS Benchmarks.