How-tos

Use IBM Application Security on Cloud to build your application inventory

Share this post:

Application security is about protecting your organization’s valuable assets, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to operate, be competitive, and meet regulatory requirements.

To manage the challenge of addressing application security at the enterprise level, security teams must take a risk-based approach. The team must rank assets, identify high risk applications, and reduce risks. But addressing application security at an enterprise level goes beyond just scanning applications for vulnerabilities. If you’re like many organizations, your security team is small and overwhelmed. That makes it difficult to stay on top of managing application security.

How about using the IBM Application Security on Cloud service to build an application inventory? Then you can classify and prioritize these assets by business impact before you even start any security testing. After you assess your applications for security vulnerabilities, you rank them by a security risk score. This prioritizes vulnerabilities and focuses on fixing issues with the biggest impact on your organization’s security risk. With Application Security on Cloud, you can easily identify security vulnerabilities in your mobile, web, and desktop apps to keep them secure.

How to import an application inventory

Save time and reduce manual work by importing an application inventory list into Application Security on Cloud. Start with our sample spreadsheet of application attributes or merge it with your own existing list. The sample file includes attributes such as Name, Business Impact, Testing Status, and Business Unit. These attributes appear in the application view as column headers.

Import an application inventory

    1. Import a list of apps.
    2. In the My Applications tab, click Import Apps.
    3. Download the sample CSV file to see the attributes that Application Security on Cloud is expecting.
    4. Modify the attributes (column headers) in the CSV file if necessary. If you add multiple values for an attribute, use a comma to separate them. Add your list of apps to the file and make any other customizations.
    5. Choose the file to import and assign these apps to an asset group. (If no asset group list appears, the apps are automatically assigned to the default asset group.)
    6. Click Import and import your CSV file.

Application Security on Cloud automatically creates profiles for each imported app. After you build your application inventory, you can create and run scans in an app, edit application attributes, and assign access permissions for each application.

 

Miriam Fitzgerald

More How-tos stories
April 23, 2019

Introducing Private Service Endpoints in IBM Cloud Databases

We recently released an update to all IBM Cloud Databases which allows you to enable public and/or private service endpoints for your database deployments. In this post, we’ll walk you through the setup.

Continue reading

April 11, 2019

How to Automate TLS Certificate Rotation to Avoid Outages

In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.

Continue reading

April 5, 2019

Node.js 502 Bad Gateway Issues and How To Resolve Them

In December of 2018, many Node.js users noticed that their applications randomly returned an HTTP status code 502 "Bad Gateway" error. In this post, we'll show you how to resolve this issue if you have been affected.

Continue reading