How-tos

Use IBM Application Security on Cloud to build your application inventory

Share this post:

Application security is about protecting your organization’s valuable assets, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to operate, be competitive, and meet regulatory requirements.

To manage the challenge of addressing application security at the enterprise level, security teams must take a risk-based approach. The team must rank assets, identify high risk applications, and reduce risks. But addressing application security at an enterprise level goes beyond just scanning applications for vulnerabilities. If you’re like many organizations, your security team is small and overwhelmed. That makes it difficult to stay on top of managing application security.

How about using the IBM Application Security on Cloud service to build an application inventory? Then you can classify and prioritize these assets by business impact before you even start any security testing. After you assess your applications for security vulnerabilities, you rank them by a security risk score. This prioritizes vulnerabilities and focuses on fixing issues with the biggest impact on your organization’s security risk. With Application Security on Cloud, you can easily identify security vulnerabilities in your mobile, web, and desktop apps to keep them secure.

How to import an application inventory

Save time and reduce manual work by importing an application inventory list into Application Security on Cloud. Start with our sample spreadsheet of application attributes or merge it with your own existing list. The sample file includes attributes such as Name, Business Impact, Testing Status, and Business Unit. These attributes appear in the application view as column headers.

Import an application inventory

    1. Import a list of apps.
    2. In the My Applications tab, click Import Apps.
    3. Download the sample CSV file to see the attributes that Application Security on Cloud is expecting.
    4. Modify the attributes (column headers) in the CSV file if necessary. If you add multiple values for an attribute, use a comma to separate them. Add your list of apps to the file and make any other customizations.
    5. Choose the file to import and assign these apps to an asset group. (If no asset group list appears, the apps are automatically assigned to the default asset group.)
    6. Click Import and import your CSV file.

Application Security on Cloud automatically creates profiles for each imported app. After you build your application inventory, you can create and run scans in an app, edit application attributes, and assign access permissions for each application.

 

Miriam Fitzgerald

More How-tos stories
February 13, 2019

Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager 3.1.2

Use Argo CD, a GitOps continuous delivery tool for Kubernetes, and IBM Multicloud Manager to achieve declarative and automated deployment of applications to multiple Kubernetes clusters.

Continue reading

February 11, 2019

Solving Business Problems with Splunk on IBM Cloud Kubernetes Service

In this tutorial, we will install Splunk Connect for Kubernetes into an existing Splunk instance. Splunk Connect for Kubernetes provides a way to import and search your Kubernetes logging, object, and metrics data in Splunk.

Continue reading

February 8, 2019

A How-To for Migrating Redis to IBM Cloud Databases for Redis

If you’re moving your data over to IBM Cloud Databases for Redis, you’ll need to take some steps to successfully migrate all of your data. We’ve got you covered. In this post, we’ll show you a quick way to start migrating your data across to Databases for Redis, whether your database is on-premise or in the cloud.

Continue reading