ABSTRACT

Every enterprise should utilize an application development life cycle, and within that life cycle there should be an application security architecture. An application security architecture provides a strong foundation for the application, with controls that protect the confidentiality of information, the integrity of data, and access to the data when it is required (availability), and that ensure access is limited to authorized entities. An application security architecture also carefully considers feature sets, controls, and safer and more reliable processes, using the enterprise’s security posture. As security controls are developed for an application, they must be tested during the use test and quality assurance testing processes. At a very high level, application security testing should consider answering the following questions:

◾ Is the process surrounding this function, service, or feature as safe and strong as possible without impacting operational requirements? In other words, is this a flawed process?