The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.


The Role of Web Application Security in Protecting Critical Business Data

Sanjay Mehta
Wednesday, April 1, 2009
The explosion of web applications introduces a host of new and ever-changing threats to data security that put enterprises and consumers at risk. Hackers are continuously finding new ways to exploit these applications and skirt existing security measures. What are the top web security challenges for 2009? And how can businesses protect against and remediate these threats?

IDC predicts the web security appliance market to grow at a rate of 23.6 percent per year for the next five years, from $256.7 million in 2007 to $745.4 million by 2012. Such robust growth is not surprising—the SANS Institute reports that 50 percent of web applications have major vulnerabilities. Due to the escalation of threats and high profile security breaches reported over the past few years, companies are recognizing that web application security is no longer an option, but a must.

Web applications have fundamentally changed the security game. Most IT professionals have traditionally been responsible for securing networks with established technologies such as network firewalls, intrusion detection systems (IDS) and SSL VPNs. Corporate networks are relatively static from environment to environment and are not equipped to deal with the unique and complex security requirements of web applications. Companies may have dozens or even hundreds of web applications available on their websites, and many of these applications change every day.

To compound the challenges, no two web applications are the same. If two competing banks offer online bill pay functionality, the underlying web applications powering the function will be entirely different. Web applications can also originate from multiple sources, including internal development, outsourcing, third-party packages, or inheritance through a merger or acquisition. It is especially challenging to secure web applications when the application code may not even be accessible.


Reader's comments (1)
1: Pretty high level discussion and covers only one type of Web Application Threat and Vulnerability. There are many other severe types as well. Would have liked a discussion making a quick purview of a few of them.
Posted by: Simanta Dutta - 23rd Apr 2009