Web Application Security is at the heart of protecting organisations from malicious attackers, who may be politically, economically, or socially motivated to gain access to enterprise systems. The motivations for such attacks may be to damage the brand, remove private or confidential information, impact service availability, defraud, or change application code or data without detection.

Web Application Security is focused on all web-enabled applications. This includes public-facing applications accessible through the World Wide Web, Intranet applications and extranet solutions. In technical terms, Web Application Security is completely separate from network security, authentication/authorisation models, encryption and technologies such as firewalls, IDS (Intrusion Detection Systems), network sensors, system scanners, et cetera.

Web Application Security completely integrates with existing security models, technologies and processes, but is an essential element that cannot be ignored. Without a commitment to Web Application Security, any investment in network, system or server-level security is compromised.

Web application vulnerabilities are found in applications that are web-enabled, and whilst this obviously includes any purpose-built web application on the Internet, Intranet or company Extranet, it also encompasses older client/server applications that may still be operating on mainframes or mid-range computing systems and may have had web interfaces attached recently. Good examples are ERP systems and less obvious applications such as Microsoft Exchange when web-enabled by OWA (Outlook Web Access).