Security Management Strategies for the CIOAccess "Web app security devices highlight source code vulnerabilities"
This article is part of the September 2004 issue of Mission critical: Securing the critical national infrastructure
Are your Web applications secure? Online businesses apps, which are wide open at port 80, put that question to the test daily. Developed for functionality with little thought to security, custom apps are typically vulnerable to attacks such as buffer-overflow exploits, cross-site scripting and SQL injection. If companies don't lock down their Web apps, security risks will increase as corporate dependency on Internet and intranet applications rises, along with site complexity, language depth and overall functionality. The Web apps' exposure to attack is driving the need for developers with both expert application security and deep programming skills. Faced with the need to develop secure applications in the absence of uniform expertise, organizations have two basic options for improving Web application security: A range of services that employ security development specialists to design, vet and/or troubleshoot applications. A growing field of generally immature but promising products that identify security issues both before and after a business application ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
U.S. critical infrastructure security: Highlighting critcal infrastructure threats
by STEPHEN BARLAS, ALAN EARLS, MICHAEL FITZGERALD, JERRI LEDFORD AND DENNIS MCCAFFERTY
Despite heightened post-9/11 security awareness, the U.S. is exposed to numerous critical infrastructure threats.
-
Outsourcing best practices: Identifying offshoring risks
by Erik Sherman, Contributor
Offshoring is good for business, but lax security practices can torpedo your investment.
-
U.S. critical infrastructure security: Highlighting critcal infrastructure threats
by STEPHEN BARLAS, ALAN EARLS, MICHAEL FITZGERALD, JERRI LEDFORD AND DENNIS MCCAFFERTY
-
-
Web app security devices highlight source code vulnerabilities
by James C. Foster, Contributor
Emerging Web app security services and products bring source code vulnerabilities to light, writes James C. Foster.
-
Web app security devices highlight source code vulnerabilities
by James C. Foster, Contributor
-
Columns
-
Security practitioners should demand security intelligence sharing
by Lawrence M. Walsh
Would you tell your enterprise security secrets if you could hear others? Lawrence Walsh explains why he thinks communication in the security field is lacking.
-
Forming enterprise security best practices from past mistakes
by Jay Heiser, Contributor
Measuring risk and forming best practices relies on learning from past experiences. Analyst Jay Heiser explains how security tactics in the past, echo in todays world.
-
Patch deployment best practices: Rushing patches isn't always better
by Victor Garza, Contributor
Do you rush to deploy patches, hot fixes or service packs as soon as possible? Victor Garza explains why this may not necessarily be the right decision.
-
What the Watchfire-Sanctum acquisition means for Web app security
by Pete Lindstrom, Contributor
See why Watchfire's acquisition of Sanctum does not spell the end for web app security.
-
Information security careers: Are information security officers a dying breed?
The information security officer will soon go the way of the dodo bird.
-
Security practitioners should demand security intelligence sharing
by Lawrence M. Walsh
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...