Application security is an important point of focus for many companies worldwide. It involves checking the security controls of an application, not the operating system or device that hosts the application. The security review is directly related to the applications that have been custom developed or built on top of other commercial applications. Application security testing does not involve looking at hosting software such as the web servers, but rather focuses on the application software itself.

This tool contains two sample audit programs that provide steps organizations can take to facilitate an application security review and testing audit.