
Back in 2003, Yankee Group estimated that by 2007, the web application security market would be worth 1.74 billion dollars. That was arguably before web applications had shown themselves to be quite as indispensable as they have proven to be. Last year's acquisitions of SPI Dynamics by HP and Watchfire Corp by IBM prove that web application security is on the minds of many larger software players.
The truth is that the growth of web applications has changed the game. “As hackers have shifted their strategy for attacking organizations from searching for vulnerable servers to compromise,” Barnett says, “to targeted attacks against Web applications, often rife with defects, companies are learning that Web application security is no longer an option, but an essential part of doing business on the Web.”
The location of the information, in short, is much less important than it once was. “Before Web applications became so popular, sensitive information was stored in databases and applications on internal networks,” says Barnett. “Hackers would have to gain access to this data by breaking into servers deeper and deeper within an organization's network until they found something useful.”
Traditional network security solutions were up to the task of facing such challenges. Firewalls and intrusion detection systems could prevent entry or notify administrators of such entry and ensure that future incursions were more difficult to execute and less common overall. “However,” Barnett asserts, “as web applications evolved from simple sites containing non-critical information to complex multi-tiered applications at the forefront of business, these network solutions are no longer sufficient.”
Furthermore, user-friendly applications are a double-edged sword. Well-laid-out, easy-to-navigate sites not only help users gain value from webapps; they also make those resources far easier for hackers to navigate. “IDS and traditional network security systems are not designed solely for these constantly changing web applications,” says Barnett, “and hackers no longer need to search through a network to find the valuable data; they simply browse an organization's Web site.”
Back in 2003, Yankee Group estimated that by 2007, the web application security market would be worth 1.74 billion dollars. That was arguably before web applications had shown themselves to be quite as indispensable as they have proven to be.

“Additionally,” continues Barnett, “each Web application is different and cannot be protected by generic measures as is possible with network security such as the network firewall or the network IDS/IPS system.” There is no simple blanket solution for web applications. However, solutions do exist, and should be considered a priority for anyone involved with webapps. The increasing complexity of such applications will make them even more valuable to the end user, and likely more vulnerable to intrusion.
In short, any organization or enterprise that is interested in maintaining security within the context of a web application should take note of advances in web application security. Most desktops are well equipped with firewalls and detection software. Users are more vigilant than ever. Furthermore, a look at some of the other articles in this month's issue of Pipeline will underscore the fact that security on the network itself is becoming more common and more effective. Careful monitoring of all traffic is allowing carriers to see intrusions and anomalies in real time. Tools abound to proactively confront malice in a real and effective way.
The network and those accessing it are thicker-skinned than ever. The web application cannot afford to be the chink in the armor that causes the entire process to become less secure.