The Next Huge Security Threat: Web Applications

As companies flock to software-as-a-service (SaaS) and design their own Web-based applications to take advantage of an always-on and always-accessible enterprise, they’re also opening themselves to a formidable security threat, many experts believe.

Web app security is already a major concern, notes Ivan Arce, CTO of Core Security Technologies. Most enterprises have already adopted the Web paradigm for many of their internal applications as well as almost all of their external Internet presence, he states, creating an environment where Web applications are a major technological component in enterprise business processes.

“Unfortunately, most of the Web applications already in deployment were developed with no consideration or adherence to security software development practices,” he says. “The result is that for many years, Web applications have been plagued by design and implementation bugs and became the low-hanging fruit for attackers.”

Adding to the problem is the large amount of unpatched browsers, which create an additional layer of insecurity that can be exploited.