Application Software Security
CIS Control 18
Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect and correct security weaknesses.
Why is this Critical?
Attackers leverage the most easily exploitable targets to execute attacks, and these often include web-based and other application software. They exploit specific weaknesses in code, including buffer overflows, SQL injection, cross-site scripting, and click-jacking, to gain control over vulnerable machines.

This CIS Control focuses on preventing, detecting, and correcting security weaknesses in applications, such as coding mistakes, logic errors, outdated software versions, etc. Organizations can prevent application vulnerabilities from being exploited by securing applications with software updates, patch management, and firewall deployments, as well as by establishing secure coding practices and by applying static and dynamic analysis tools to verify that secure coding practices are being adhered to for internally developed software.
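The paragraph above names SQL injection as one of the weaknesses this control is meant to prevent and names secure coding practices and analysis tools as the safeguards. The following is an added example, not part of the CIS text, that shows the coding mistake side by side with the secure practice: one lookup builds SQL by string concatenation (the weakness), the other uses a parameterised query. It uses an in-memory SQLite database with constructed sample rows; the function names and table layout are assumptions for the illustration.

```python
import sqlite3


def build_demo_db():
    """Create an in-memory database with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Coding mistake: user input is spliced into the SQL text, so the
    input can change the meaning of the statement instead of being
    treated purely as a value."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Secure practice: the SQL text is fixed and the input is bound as a
    parameter, so whatever the caller supplies is compared as a literal
    string and can never alter the statement."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def looks_like_sql_concatenation(source_line):
    """A minimal static-analysis style check (assumed heuristic, not a real
    tool): flag a line that both contains an SQL keyword and builds the
    statement with string concatenation or an f-string."""
    upper = source_line.upper()
    has_sql = any(k in upper for k in ("SELECT ", "INSERT ", "UPDATE ", "DELETE "))
    builds_dynamically = ("+" in source_line) or source_line.lstrip().startswith('f"')
    return has_sql and builds_dynamically


if __name__ == "__main__":
    db = build_demo_db()
    # An input containing a quote character is treated as data by the
    # safe lookup and matches no user; the vulnerable lookup lets the
    # same input change the WHERE clause and returns every row.
    untrusted = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, untrusted))
    print("safe:      ", lookup_safe(db, untrusted))
    print("flagged:   ", looks_like_sql_concatenation(
        "query = \"SELECT * FROM users WHERE name = '\" + name + \"'\""))
```

The point for the control is the gap between the two functions: a code review or static analyser that flags statements assembled from string concatenation, and a dynamic test that feeds quote characters into every input, are the checks that verify the secure coding practice is actually followed rather than merely documented.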