Application profiling
An enterprise organization might have tons of applications designed and built for serving various business purposes. The applications may be small or complex and could be built using various technologies. Now, when it's time to design and implement an enterprise-wide application security program, it really becomes crucial to decide upon the priority for assessment. There might be 100 applications in all; however due to limited resources, it may not be possible to test all 100 of them within the specific duration. This is when application profiling comes handy.
Application profiling involves classifying applications into various criticality groups such as high, medium, and low. Once classified, an assessment priority can then be decided on, based on the group the application belongs to. Some of the factors that help to classify the applications are as follows:
- What is the type of application (thick client or thin client or mobile app).
- What is the mode of access (internet...