Application services are the rules and processes behind the user interface that manipulate the data and perform transactions for the user. In an online bank this might be a bill payment transaction that deducts the payment amount from the user's account and sends a check to the payee. In addition to the application services of an IT solution, the Application Services domain also represents the development processes that programmers go through when creating applications.
A developer is writing an Application Program Interface (API) that allows a banking system to exchange transactions with other banks. He scans the code with a source code analyzer that identifies a section of code that was not protected against invalid input that could corrupt the system. The change is made immediately and the new API is now safe to use.
Relationships to Other Domains
Application Services rely on the Security and Risk Management (SRM) domain to encrypt messages sent between applications and to authenticate and authorize applications to talk to each other. The development process of the Application Services domain relies on the threat and vulnerability management services of SRM to assess the security of the solution being developed. Application Services typically receive input from the Presentation Services domain and manipulate data in the Information Services domain. Application Services also require servers and network services from the Infrastructure Services domain. The Information Technology Operations and Support domain is used to manage changes to the Application Services. The Business Operations Support Services domain provides security monitoring services, enabling administrators to monitor application activities for any statistically unusual behavior.
Security Knowledge Life Cycle
| Security Design Patterns | Security Application Framework - ACEGI |
| Code Samples | Attack Patterns |
| Software Quality Assurance | |