Ruslan Rakhmetov, Security Vision
Today, most large companies work with software in one way or another: some develop it themselves, many install it on corporate devices, and some use cloud versions. Applications help automate business processes and staff activities, but they also bring problems and threats: business users run into software failures and errors, while information security (IS) specialists worry about vulnerabilities in that software being exploited by attackers. Secure software design, development, implementation, customisation, operation and maintenance is a separate and large area of cybersecurity, and today we will briefly discuss what AppSec (Application Security) is and how to ensure application security.
So, if we refer to the recently published standard GOST R 56939-2024 "Information Protection. Development of secure software. General requirements", secure software is software developed while applying processes and measures to prevent and eliminate software flaws. A software flaw is any error made during the development of a program (design, implementation, configuration) that may make it impossible to perform the required functionality, or that may be the cause of a vulnerability which attackers could exploit to realise information security threats. In accordance with GOST R 56939-2024, the main objectives of secure software development are:
- Identification of flaws, including vulnerabilities, in the software being developed and their prompt elimination;
- Reducing the number of flaws, including vulnerabilities;
- Reducing damage from undiscovered software vulnerabilities.
In a more general definition, AppSec (Application Security) is a set of processes, practices and tools for identifying, remediating and protecting against vulnerabilities and flaws in applications throughout the Software Development Life Cycle (SDLC). Security needs to be provided for applications on different platforms (mobile and desktop operating systems: Windows, Linux, macOS, Android, iOS, etc.), in cloud infrastructures (Cloud Application Security) and for web applications (Web Application Security). AppSec processes and practices may include:
- Building a Secure Software Development Life Cycle (SSDLC);
- Implementing DevSecOps, Security-as-code and Policy-as-code approaches;
- Working with AppSec tools (SAST, DAST, IAST, SCA, OSA and other classes of solutions, i.e. static, dynamic and interactive application security testing, software composition analysis and open-source analysis);
- Conducting pentests and Bug Bounty programmes;
- Conducting training programmes for developers and engineers;
- AppSec incident management (handling vulnerability reports, vulnerability analysis and remediation, development security enhancements).
Implementing AppSec processes, practices and tools provides the following benefits:
- Improved security: early remediation of software vulnerabilities and flaws reduces the likelihood of cyber threats, data breaches, theft of funds, and business process disruption;
- Reducing the likelihood of cyber incidents: it is preferable to make software secure from the outset rather than deal with a vulnerability-related incident;
- Improved compliance with legislation: meeting legal requirements on the protection of personal data (PII), critical information infrastructure (KII), commercial and banking secrets;
- Reduce the impact of software flaws on business continuity: improving application security minimises the number of crashes, downtime and cyber incidents associated with software vulnerabilities;
- Automation: speeding up development processes, reducing the routine load on developers and testers, saving human resources, reducing the influence of the human factor, standardisation;
- Savings: assessing cyber risks and incorporating IS requirements earlier in the software development process (the Shift Left concept) lowers the cost of fixing bugs, flaws and vulnerabilities, helps avoid regulatory fines and the need to investigate cyber incidents, saves money on pentests and audits, and reduces Bug Bounty payouts;
- Increased user satisfaction: increased speed of new versions, improved code quality, increased user loyalty and confidence in the brand, improved vendor reputation;
- Introduction of quality assessment metrics: the digitalisation of development processes enables monitoring and optimisation.
You can use the requirements and recommendations of the following popular standards and frameworks to build AppSec processes:
- Standard GOST R 56939-2024 "Information protection. Development of secure software. General requirements";
- Standard GOST R 58412-2019 "Information protection. Development of secure software. Threats to information security during software development";
- ISO/IEC 27034 series of standards "Information technology - Security techniques - Application security";
- ISO/IEC 24772 series of standards "Programming languages - Avoiding vulnerabilities in programming languages";
- NIST's Secure Software Development Framework (SSDF);
- BSA's Framework for Secure Software;
- Black Duck (formerly Synopsys) framework "Building Security In Maturity Model (BSIMM v15)";
- The OWASP framework "Software Assurance Maturity Model (SAMM)";
- OWASP "DevSecOps Maturity Model (DSOMM)" framework;
- Microsoft Security Development Lifecycle (MS SDL) Secure Development Practices;
- Positive Technologies' CyberOrda project and their AppSec Table Top methodology;
- Jet Infosystems' DevSecOps Assessment Framework (DAF).
For example, the BSA's Framework for Secure Software includes the following 3 areas for implementing Application Security processes and practices:
1. Secure development.
1.1 Secure code writing: threat modelling and risk analysis are performed at the software design stage; software is developed based on secure development standards; software is protected from known vulnerabilities, unsafe functions and libraries; standard software architecture and design controls are applied.
1.2 Testing and validation: the software attack surface is analysed and validated; code reviews are conducted manually or using automation tools; a comprehensive software functionality and security testing plan is implemented; software security features are tested using appropriate techniques; software is subjected to fuzzing tests and pentests.
1.3 Process and documentation: all stages of the secure development process are documented; developers are responsible for software security.
1.4 Supply chain: development processes are linked to supply chain risk management processes; measures are in place to control procurement and verify the transparency and security of third-party software components; supply chain data is adequately protected; measures are in place to protect against the introduction of software bugs and counterfeits; software provenance and data are communicated in a standardised format; and the correctness of software deployment procedures is monitored.
1.5 Development environment: the development environment, including information systems and data, is adequately protected against cyber threats; software is developed using secure development tools.
1.6 Identity and access control management: the software development environment identifies and authenticates all users in the supply chain and software lifecycle; the software development environment enforces policies to control access to data and processes by all users and operators.
2. Security capabilities.
2.1 Identity and authentication management support: the software does not contain weaknesses that create prerequisites for authentication failures; the software supports strong identification and authentication methods.
2.2 Patchability: the software supports receiving and installing security updates and patches.
2.3 Cryptographic services: the software is developed in accordance with an encryption strategy that defines which data must be encrypted and which encryption mechanisms are to be used; weak cryptographic algorithms are not used in the software; encryption keys are properly protected and verified by the software.
2.4 Authorisation and access control: the principle of least privilege is taken into account in software design; the software architecture supports authorisation and access control.
2.5 Logging: all IS events and incidents are logged in the software; the software's logging mechanisms are implemented in a secure manner.
2.6 Error and exception handling: the software implements error and exception handling; in case of a failure or unexpected termination of the software, predefined fail-secure procedures are executed correctly (the software denies rather than grants by default).
3. Security lifecycle.
3.1 Vulnerability management: the vendor maintains an up-to-date vulnerability management plan; vulnerabilities are identified and addressed quickly and comprehensively with risk-based prioritisation; the vendor maintains a vulnerability disclosure programme.
3.2 Configuration: the software ships with a secure default configuration and a guide for changing settings so that it can be installed and operated securely.
3.3 Vulnerability notifications and patching: vendor promptly distributes patches and updates to address identified software security flaws; patches and updates are distributed in a secure manner; patches and security updates are accompanied by notices describing the information required by users.
3.4 End-of-life development and support: the vendor maintains and communicates software lifecycle (end-of-support) guidelines for users.
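To make items 2.5 (secure logging) and 2.6 (fail-secure error handling) concrete, here is an added illustration that is not part of the BSA framework or of the original article. It shows an authorization check whose error path fails open beside its fail-secure counterpart, and an audit-log line that records the decision without leaking the caller's bearer token. The policy store, user names, permission strings and the `PolicyBackendError` exception are constructed for the example.

```python
"""Fail-open vs fail-secure authorization, plus a secure audit-log line.

Added example: the policy store, users, permissions and error type below are
constructed for illustration and do not come from any real system.
"""
import hashlib
import logging
from typing import Dict, Optional, Set

log = logging.getLogger("appsec.authz")


class PolicyBackendError(RuntimeError):
    """Simulates the policy store being unreachable or returning bad data."""


# Constructed sample policy store: user -> permissions.
# A value of None simulates a backend failure when that user is looked up.
POLICY_STORE: Dict[str, Optional[Set[str]]] = {
    "alice": {"orders:read", "orders:delete"},
    "bob": {"orders:read"},
    "carol": None,  # lookup raises PolicyBackendError
}


def fetch_permissions(user: str) -> Set[str]:
    """Return the user's permissions; unknown users get none (not an error)."""
    if user not in POLICY_STORE:
        return set()
    perms = POLICY_STORE[user]
    if perms is None:
        raise PolicyBackendError(f"policy backend unavailable for {user!r}")
    return perms


def is_authorized_fail_open(user: str, permission: str) -> bool:
    """BEFORE (item 2.6 violated): the exception is swallowed and the
    variable keeps its optimistic initial value, so an outage grants access."""
    allowed = True
    try:
        allowed = permission in fetch_permissions(user)
    except PolicyBackendError:
        pass  # bug: failure of the check is treated as success
    return allowed


def is_authorized_fail_secure(user: str, permission: str) -> bool:
    """AFTER: any failure of the check yields deny, and the event is logged
    so that an outage of the policy backend is visible (items 2.5 and 2.6)."""
    try:
        perms = fetch_permissions(user)
    except PolicyBackendError as exc:
        log.error("authz deny (fail-secure) user=%s perm=%s reason=%s",
                  user, permission, exc)
        return False
    decision = permission in perms
    log.info("authz user=%s perm=%s decision=%s",
             user, permission, "allow" if decision else "deny")
    return decision


def redact_token(token: str) -> str:
    """Replace a secret with a short, non-reversible fingerprint for logs.

    The prefix lets an analyst correlate events for one token without the
    log ever containing the token itself (item 2.5: logging done securely).
    """
    return "sha256:" + hashlib.sha256(token.encode()).hexdigest()[:8]


def audit_event(user: str, permission: str, decision: bool, token: str) -> str:
    """Build the audit-log line for an authorization decision.

    The bearer token is fingerprinted, never written in clear.
    """
    return (f"authz user={user} perm={permission} "
            f"decision={'allow' if decision else 'deny'} "
            f"token={redact_token(token)}")


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    token = "bearer-SECRET-123"  # constructed secret that must not reach logs
    for user in ("alice", "bob", "carol", "mallory"):
        open_ok = is_authorized_fail_open(user, "orders:delete")
        secure_ok = is_authorized_fail_secure(user, "orders:delete")
        print(f"{user:8} fail-open={open_ok!s:5} fail-secure={secure_ok!s:5}")
        print("  " + audit_event(user, "orders:delete", secure_ok, token))
```

Running the block shows the difference on `carol`, whose lookup fails: the fail-open variant grants `orders:delete`, the fail-secure variant denies it and logs the reason. The audit line carries only a hash prefix of the token, so a leaked log file does not become a leaked credential.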