APPLICATION SECURITY POLICY

This Application Security Policy (hereinafter referred to as “Policy”) is effective from [INSERT DATE ON WHICH THE POLICY COMES INTO FORCE] and applies to all employees of the [INSERT NAME OF THE COMPANY] (hereinafter referred to as “Us” or “we” or “our” or “Company”).

This policy outlines the security measures and best practices to safeguard the confidentiality, integrity, and availability of our web applications.

  1. PURPOSE
    1. The purpose of this policy is to define web application security assessment and to identify vulnerabilities, weaknesses, and areas of potential risk such as unauthorized access to confidential information, security misconfigurations, and input validation flaws.
  2. SCOPE
    1. Web application security assessments are performed by skilled professionals who specialize in web application security. This policy applies to all web users, employees, and contractors responsible for conducting security assessments within the Company.
  3. POLICY STATEMENTS
    1. Web Application Security Assessments will be conducted by our internal cyber security team to simulate cyber-attacks and uncover vulnerabilities.
    2. Assessments will be conducted whenever significant changes are made to a web application, such as major updates or modifications, or before a web application is deployed to the Company, to ensure any security issues are identified. Our internal cyber security team will perform such assessments periodically to proactively identify and address evolving threats.
    3. Whenever new third-party components or APIs are integrated into a web application, such assessments are essential to assess the security of these integrations.
    4. All security risks identified during assessments must be mitigated in line with the OWASP Top Ten or any other tool [INSERT WEB SECURITY ASSESSMENT TOOL 1 OR TOOL 2] that highlights the most prevalent and dangerous vulnerabilities in web applications.
    5. All findings during the assessments are considered confidential and are to be distributed to persons on a “need to know” basis. Distribution of any findings outside of is strictly prohibited unless approved by the concerned authority.
  4. COMPLIANCE
    1. Compliance with this application security policy and applicable laws should be regularly monitored and audited to identify and address any potential gaps or non-compliance.
    2. Any identified breaches or non-compliance should be promptly investigated and appropriate corrective actions should be taken.
  5. CHANGES TO THE POLICY
    1. We reserve the right to update and make changes to this policy from time to time based on the working conditions of the Company. On updating this policy, the Company will inform the members of the Company.
  6. FURTHER INFORMATION
    1. For any queries or further information regarding our Company or about this Policy, the concerned person can contact us through email at [INSERT COMPANY’S EMAIL ADDRESS].
  7. ACKNOWLEDGEMENT
    1. We expect all employees to adhere to this policy of the Company. The Company will apply this policy consistently and fairly to ensure a harmonious and productive workplace for all.
    2. By signing below, you acknowledge that you have carefully read and understood the terms and contents of this policy.
    3. You acknowledge that you will follow the set guidelines of this policy as well as of the Company, and that on failure to do so the Company can take disciplinary action against such person.

COMPANY                    

[INSERT COMPANY’S NAME]

Authorized Signature

Print Name and Title

[INSERT SIGNING AUTHORITY AND DESIGNATION]