The Importance of Web Application Security

Just about every enterprise today has one or more web applications that facilitate doing business with the public. Informational web sites are just that – they provide useful information to people who want it, by putting it on the internet. Web applications, however, offer interaction with customers – a banking website, for example, lets customers access their accounts and do things such as pay bills, move money around different accounts, and so on.
While you may fortify your network with firewalls, intrusion prevention systems and so on, customers who use your web application are rightfully accessing your network, through the access you provide them – and this ease of access to your systems is the crux of the problem regarding web applications. Once a user accesses your databases through a web application, your control over the user’s actions diminishes considerably, because a malicious user can “craft” inputs in their browser that allow them to do things other than what you want them to do.
Software development today is based on quick turnaround times – companies do spend a lot of time testing their web applications, but that testing is predominantly functional testing, to ensure that the apps do what they were designed for. Unfortunately, securing those web applications is not a high priority item during testing, for two reasons. First, most people aren’t really sure how to go about comprehensively testing web applications. The second reason is the expense of testing web applications to make them secure.
There are a couple of strategies you can adopt here. First, build in application security during the design and coding phase: let your development teams incorporate security best practices into all their designs of new applications. For existing applications, especially production applications that your customers are accessing right now, have a competent web application security team assess them for security holes; very few applications on the internet are highly secure, so you’ll improve your security posture by doing this. Second, consider putting another “firewall” in your network, this one to protect your data. You can do this with a web application firewall like that offered by Imperva, or a database firewall such as the Oracle Database Firewall, offered by Oracle.
