Application Security
  • 21 Mar 2025

WHAT IS APPLICATION SECURITY AND WHY IS IT IMPORTANT?

Application Security encompasses the discovery and remediation of coding and design weaknesses identified through the software development lifecycle. Once detected, these vulnerabilities must be addressed by a specified due date to mitigate risks.

It is important to discover and remediate security flaws in in-house or acquired software to address the weaknesses before they can be exploited and impact the organization.

 

CONTROLS THIS DASHBOARD REPORTS ON

This dashboard reports on your organization’s level of compliance with these controls:

NIST CSF v2.0: Subcategory ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established

PCI-DSS v4.0.1: Requirement 6.2.3: Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities

CIS CSC v8.1: Safeguard 16.12: Implement Code-Level Security Checks


PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

Numerator: Count of application vulnerability records that are either closed, or are open but are within their due date

Denominator: Count of all application vulnerability records
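
The KPI definition above, worked through on sample data as an added example (not the product's own code). The records are constructed, the dictionary keys reuse the dashboard's column names, and the status strings, the treatment of a missing due date, and counting the due date itself as within the deadline are assumptions. As the definition is written, a record closed after its due date still counts in the numerator.

```python
from datetime import date

# Constructed sample records; keys mirror the dashboard's column names.
# The status strings "Open"/"Closed" are assumed values, not taken from the product.
RECORDS = [
    {"Vuln Key": "V-1", "Status": "Closed", "Due Date": date(2025, 3, 1), "Resolved Date": date(2025, 2, 20)},
    {"Vuln Key": "V-2", "Status": "Closed", "Due Date": date(2025, 3, 1), "Resolved Date": date(2025, 3, 9)},
    {"Vuln Key": "V-3", "Status": "Open", "Due Date": date(2025, 4, 15), "Resolved Date": None},
    {"Vuln Key": "V-4", "Status": "Open", "Due Date": date(2025, 3, 10), "Resolved Date": None},
    {"Vuln Key": "V-5", "Status": "Open", "Due Date": None, "Resolved Date": None},
]


def classify(record, as_of):
    """Return 'closed', 'open_within_due', or 'open_overdue' for one record."""
    if record["Status"] == "Closed":
        return "closed"  # in the numerator regardless of when it was closed
    due = record["Due Date"]
    # Assumption: an open record with no due date cannot be shown to be
    # within its due date, so it is counted as overdue.
    if due is not None and as_of <= due:
        return "open_within_due"
    return "open_overdue"


def primary_kpi(records, as_of):
    """Compute numerator, denominator and ratio per the KPI definition."""
    counts = {"closed": 0, "open_within_due": 0, "open_overdue": 0}
    for r in records:
        counts[classify(r, as_of)] += 1
    numerator = counts["closed"] + counts["open_within_due"]
    denominator = len(records)
    ratio = numerator / denominator if denominator else None  # no records: undefined
    return {"numerator": numerator, "denominator": denominator, "ratio": ratio, "counts": counts}


if __name__ == "__main__":
    result = primary_kpi(RECORDS, as_of=date(2025, 3, 21))
    print(result)
```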

 

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status
  • Hostname – hostname where the vulnerability was discovered
  • App ID, Application Name, Repo ID – application and code repository details
  • Vuln Key, Vuln MAC, Vuln IP, Vulnerable Package Name, Vuln Source – vulnerability details
  • Created Date, Due Date, Resolved Date
  • Status Open, SLA Status, SLA Days, Status, Severity, CVSS Score
  • PCI Context – whether the software is in scope for PCI DSS
  • Owner Name, Owner Email Address, Owner ID, Owner Job Title – vulnerability owner information
  • Manager Employee ID, Manager Full Name, Manager Email Address – employee's manager
  • Executive VP, Senior VP, VP / Executive Director – management chain for the employee
  • Level 5, Level 6 – additional levels of management for the employee

 

OCSF TABLES USED BY THE DASHBOARD

  • Vulnerability Finding [2002]
  • Device Inventory Info [5001]
  • User Inventory Info [5003]
