Application vulnerabilities, present to the organisation, one of the highest
risks and challenges facing any CIO/CSO today. Applications are the workhorses
for allowing sensitive data and people to communicate within the organisation
and carry out their function. Without these systems, most organisations would
collapse. Over the years, Appsecure has identified that one of the biggest
challenges facing any organisation with this problem is education.
Typically, business teams, developers and infrastructure teams are focused on
rapid low cost deployment. Although, this is critically important, establishing
that you also have secure systems and applications, ensures that the
organisation is not exposed to unwanted and high risk. Through education across
the organisation, the exposure of deploying insecure applications can be
Our Awareness 101 program, is not only about assisting developers, but looking
at the organisation in general. Working alongside the relevant teams to help
raise the awareness of security vulnerabilities in applications and the risk
they present to the business. This is typically achieved through a internal
marketing and education program alongside security workshops with relevant team
Typically our awareness 101 programs assist in the organisation in educating
their business and technical teams in the areas of
- Internet and External threats to the organisation? Do they really exist?
- Data Protection, what is sensitive data, and what do i need to protect.
- How does my role affect whether our applications are secure.
- What can we do to minimise the threat to the organisation.
- What happens if i identify something that looks suspicous? How to handle an
We've found that by implementing the above messages in a managed awareness
program across the organisation. You can greatly decrease the threat to the
organisation, increase the secure coding into production code and ensure
security related events are handled correctly. General Awareness programs help
to change the culture of the organisation. This is the single most important
objective, if the organisation understands the issues then it is always
considering the risk associated with security of the data and systems, thus it's