Additional Reading: OWASP Top Ten Application Security Risks
Related Terms: Application Security Assessment
What does this mean for an SMB?
While it is true that some applications contain malicious code hidden within them, this is usually the exception rather than the rule. Furthermore, SMB owners do not employ the security researchers needed to test and filter out such nefarious applications. The truth is, sometimes even Google can’t find them!
However, if you’re a software development shop that develops code, then you should train your coders on the OWASP Top 10 risks, which cover common coding security errors. This will reduce the number of security problems in your solutions, saving expensive fixes and patches down the road.
In addition to training employees on safe and secure coding practices, development firms should consider performing application fuzzing, application security assessments, dynamic code scanning, and static code analysis using automated tools from code-scanning vendors and expert third-party testing firms. These are all reasonable best practices to build into your software development life cycle (SDLC).