Abstract
Application security is the trend of the future. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC. That was the anti-virus era. The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era. Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era.
Web applications can take many forms—an informational website, an e-commerce site, an extranet, an intranet, an exchange, a search engine, a transaction engine, an e-business. All of these applications link to computer systems that contain weaknesses that can pose risks to your organization. Weaknesses exist in system architecture, system configuration, application design, implementation configuration and operations. The risks include the possibility of incorrect calculations, damaged hardware and software, data accessed by unauthorized users, data theft or loss, misuse of systems and disrupted business operations. As the digital enterprise embraces the benefits of e-business, the use of web-based technology continues to grow. Most organizations today use the web as a way to manage their customer relationships, enhance their supply chain operations, expand into new markets and deploy new products and services to customers and employees. However, successfully implementing the powerful benefits of web-based technologies cannot be achieved without a consistent approach to web application security.
In the past, the majority of security breaches occurred at the network layer of enterprise systems. Today, however, hackers are manipulating web applications inside the enterprise firewall, enabling them to access and sabotage corporate and customer data. Given even a tiny vulnerability in a company’s web application code, an experienced intruder with only a web browser and a little determination can break into most commercial websites.