Why is it necessary to audit applications for security vulnerabilities?
Auditing applications for source code security vulnerabilities is the most important step towards overall enterprise security. Applications, especially Web applications, can expose vital data to the World Wide Web, and security vulnerabilities from inadequately designed or written code may allow attackers to threaten privacy and steal data – for example, gain access to confidential information, modify a database or other system, or cause the application to crash or become unstable. Application source code audit is necessary not only because of the significant operational risk posed by vulnerable software, but because it is mandated by the regulations and policies that govern data privacy, integrity, and good corporate governance. Regulations such as PCI, Sarbanes-Oxley and FISMA, and control frameworks such as COBIT and COSO are driving application security and, more specifically, source code analysis activities to the forefront of business requirements and best practices.
