Application security involves checking the security controls of an application. The security review is directly related to the applications that have been custom developed or built on top of other commercial applications. Application security testing does not involve looking at hosting software, but rather focuses on the application software itself.
A thorough and exhaustive evaluation of the security issues related to e-business applications is best tackled using a phased approach, such as that described in this sample audit work program. This sample focuses on the security issues related to e-business applications and can be used as a general guide to understand and review the e-business application security review process.