The Next Huge Security Threat: Web Applications

Software as a service may be on the rise, but so are security threats targeted at loopholes in application code. Here are some application security strategies from industry experts, with a closer look at one area not generally associated with security and information technology management--insurance.

As companies flock to software-as-a-service (SaaS) and design their own Web-based applications to take advantage of an always-on and always-accessible enterprise, they're also opening themselves to a formidable security threat, many experts believe.

Web app security is already a major concern, notes Ivan Arce, CTO of Core Security Technologies. Most enterprises have already adopted the Web paradigm for many of their internal applications as well as almost all of their external Internet presence, he states, creating an environment where Web applications are a major technological component in enterprise business processes.

"Unfortunately, most of the Web applications already in deployment were developed with no consideration or adherence to security software development practices," he says. "The result is that for many years, Web applications have been plagued by design and implementation bugs and became the low-hanging fruit for attackers."

Adding to the problem is the large number of unpatched browsers, which create an additional layer of insecurity that can be exploited.

