www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 1
How to Prevent Data Leaks with Application Security Testing Strategy?
Facebook made a blunder, again! It failed, ignored, or possibly forgot to encrypt the passwords of more than 600 million users.
Since 2012, these passwords had been stored in plain text, accessible to its nearly 20,000 employees. The worst part is, it was
completely clueless about it for the past seven years. This data breach has not only compromised the privacy of hundreds of
millions of users, but also revealed its incompetent application security testing methodology.
In the modern digitally-driven world, the significance of data is immense. Data is the fodder for new advancements in the
Artificial Intelligence domain and all the automation processes. Massive amounts of data are being generated every day, and
handling that data is becoming a challenge that needs to be addressed immediately. Improper management of the data is the
primary reason for the breaches happening across organizations worldwide.
A secure application is the key to garnering user trust and establishing credibility. We are only one quarter into 2019, and the
number of data breaches already reported is concerning, at the very least. This proves that there is no shortcut to a
completely secure application. In order to prevent such leaks in the future and avoid negative publicity for the organizations, it is
imperative that CIOs invest resources and time to develop, implement, and maintain a fool-proof application security testing
strategy.
Pitfalls to Avoid
In the process of fortifying an application with software security testing, there are some pitfalls that organizations need to
avoid. Otherwise, they might fall in so deep that it will be practically impossible to come out of them.
Most important of all is the lack of a harmonious application security strategy. A well-documented plan is required for
proper execution. In the absence of a strategy, it is like following a dark path without knowing if the application will tread
smoothly or hit a bump and stumble over. Being familiar with the basic concepts of DevSecOps does not make CISOs capable
of effectuating the development of a completely secure application. They need to strategize a thorough, measurable action
plan that aligns with the overall goals and makes optimal use of the available assets.
Next is the failure to adhere to the legalities involved in a software development process. Legal compliance enables an
organization to safeguard its intellectual property such as patents, trademarks, and copyrights. It also equips it with a
strong foundation in case of a confidentiality breach.
The absence of a well-maintained application inventory may also prove expensive and dangerous. An application inventory
facilitates tracking of expired SSL certificates, newly added domains, updated software versions and code, and mobile APIs,
allowing organizations to get rid of obsolete systems and stay compliant with GDPR and relevant regulations.
Building the Strategy
The war against the Black Hats is not an easy one. Organizations must gear themselves with a well-planned strategy, and
nothing less than perfect will work. Devising such a flawless strategy requires extreme caution and consideration, as there is no
scope for errors.
1. Scrutinize the process: In order to formulate a plan for the future, it is only smart to take a step back and go over the
existing processes. If those processes are faulty or inefficient, the chances of the plan failing increase significantly.
Review the development cycle to identify the gaps and weak links, which might attract a potential threat.
2. Model a threat diagram: By analyzing the process, put down a high-level diagram or a blueprint to concentrate on how
data flows through the application. Such a threat model offers a panoramic overview, which makes it easy to pinpoint the
defective locations in the process.
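
A threat diagram of this kind can be written down as data and reviewed mechanically. The sketch below is an added example, not part of the original article: the node names, trust zones, the constructed sample diagram and the two review rules (sensitive data crossing a trust boundary unencrypted, sensitive data written to a store in plaintext) are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element sits in

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    sensitive: bool
    encrypted_in_transit: bool
    form_at_dst: str = "n/a"   # for stores: "plaintext", "hashed" or "encrypted"

def review(nodes, flows):
    """Return (src, dst, data, finding) for each weak link in the diagram."""
    by_name = {n.name: n for n in nodes}
    findings = []
    for f in flows:
        if not f.sensitive:
            continue
        src, dst = by_name[f.src], by_name[f.dst]
        if src.zone != dst.zone and not f.encrypted_in_transit:
            findings.append((f.src, f.dst, f.data, "crosses trust boundary unencrypted"))
        if dst.kind == "store" and f.form_at_dst == "plaintext":
            findings.append((f.src, f.dst, f.data, "stored in plaintext"))
    return findings

# Constructed sample diagram of a login path (all names are hypothetical).
NODES = [
    Node("browser", "external", "internet"),
    Node("login_service", "process", "app"),
    Node("user_db", "store", "data"),
    Node("request_log", "store", "data"),
    Node("analytics_api", "external", "vendor"),
]
FLOWS = [
    Flow("browser", "login_service", "password", True, True),
    Flow("login_service", "user_db", "password", True, True, "hashed"),
    Flow("login_service", "request_log", "password", True, True, "plaintext"),
    Flow("login_service", "analytics_api", "email", True, False),
    Flow("login_service", "analytics_api", "page_view", False, False),
]

if __name__ == "__main__":
    for finding in review(NODES, FLOWS):
        print(finding)
```
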
Read Full Blog at:
https://www.cigniti.com/blog/preventing-data-leaks-with-application-security-testing/