Information Security Magazine
Web Application Break-In
by Michael Cobb
Issue: Aug 2006

If you use third-party packages, you should always check for known vulnerabilities with the vendor before installation, and then keep up to date on patches and advisories. Even if your Web applications are relatively secure when first deployed, changes to the system's infrastructure or configuration and new threats mean that your applications won't remain secure for long. Therefore, it is essential that your security policies are regularly reviewed for relevance and effectiveness.

You should also review the effectiveness of your firewall: packet-filtering firewalls can no longer provide the level of protection a Web application requires. Although routers and stateful packet-filtering network firewalls can be deployed to ensure that only approved transmission ports and protocols are open or allowed, attacks at the application layer require an examination of the application-layer commands and data. Only at the application level is it possible to accurately determine how a request will actually behave in a specific context.
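To make the contrast concrete, here is an added example (not from the original article) in which two requests look identical to a port-and-protocol filter but only one passes an application-layer check. The endpoint `/account/view`, its `id` rule, and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Network-layer policy: only protocol and destination port are visible.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}

# Application-layer policy for a hypothetical endpoint: validity depends on
# context, here the allowed method and the format of each named parameter.
APP_POLICY = {
    "/account/view": {"methods": {"GET"}, "params": {"id": re.compile(r"[0-9]{1,6}")}},
}

def packet_filter_allows(proto, dst_port):
    return (proto, dst_port) in ALLOWED_PORTS

def app_layer_allows(raw_request):
    """Parse the HTTP request line and validate it against APP_POLICY."""
    parts = raw_request.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, _version = parts
    url = urlsplit(target)
    rule = APP_POLICY.get(url.path)
    if rule is None:
        return False, "unknown path"
    if method not in rule["methods"]:
        return False, "method not allowed here"
    seen = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        pattern = rule["params"].get(name)
        if pattern is None or name in seen:
            return False, f"unexpected or repeated parameter {name!r}"
        if not pattern.fullmatch(value):  # value is already percent-decoded
            return False, f"parameter {name!r} fails validation"
        seen.add(name)
    return True, "ok"

# Constructed sample requests; both arrive as TCP to port 80.
SAMPLES = [
    "GET /account/view?id=1042 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "GET /account/view?id=1042%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
]

def evaluate(samples):
    # Each row: (packet filter verdict, application-layer verdict, reason)
    return [(packet_filter_allows("tcp", 80), *app_layer_allows(s)) for s in samples]

if __name__ == "__main__":
    for row in evaluate(SAMPLES):
        print(row)
```

The packet filter passes both requests because it sees only TCP to port 80; the second is rejected only once the request line is parsed and the `id` value is checked against what that endpoint expects.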

It is important to develop an incident response plan; having a detailed and well-rehearsed plan will help you handle attacks in an orderly, effective manner and minimize their impact on your network.

Improvement Ahead
Because so many applications and services are delivered over the Internet, application security must be built into your organization's security policy. Fortunately, the Web community is also looking at ways to help improve the overall security of Web-based applications.

The Web security threat classification and security statistics projects by the Web Application Security Consortium will certainly help application developers and security professionals to focus their efforts, which will, in turn, improve application development processes and speed up response times to vulnerabilities. Meanwhile, vulnerability classification will enable better automated assessments of threats posed by Web application flaws.

Until these efforts pay off, though, Web applications will likely remain a favorite target of attackers. Companies must remain alert and vigilant or risk becoming the next victim.

All Rights Reserved, Copyright 2003 - 2008, TechTarget