The explosion of web applications introduces a host of new and ever-changing threats to data security that put enterprises and consumers at risk. Hackers are continuously finding new ways to exploit these applications and skirt existing security measures. What are the top web security challenges for 2009? And how can businesses protect against and remediate these threats?

IDC predicts the web security appliance market to grow at a rate of 23.6 percent per year for the next five years, from $256.7 million in 2007 to $745.4 million by 2012. Such robust growth is not surprising—the SANS Institute reports that 50 percent of web applications have major vulnerabilities. Due to the escalation of threats and high profile security breaches reported over the past few years, companies are recognizing that web application security is no longer an option, but a must.

THE SECURITY PARADIGM SHIFT
Web applications have fundamentally changed the security game. Most IT professionals have traditionally been responsible for securing networks with established technologies such as network firewalls, intrusion detection systems (IDS) and SSL VPNs. Corporate networks are relatively static from environment to environment and are not equipped to deal with the unique and complex security requirements of web applications. Companies may have dozens or even hundreds of web applications available on their websites, and many of these applications change every day.

To compound the challenges, no two web applications are the same. If two competing banks offer online bill pay functionality, the underlying web applications powering the function will be entirely different. As such, web applications can originate from multiple sources, including internal development, outsourcing, third-party packages, or inherited through merger or acquisition. It is especially challenging to secure web applications when the application code may not even be accessible.

TOP WEB APPLICATION SECURITY THREATS AND COUNTERMEASURES