Something phishy

Tools for application-level security can help you cope with the threats from without and within

By J.B. Miles, Special to GCN

Spam. Spyware. Phishing. Trojans. Worms. Day Zero viruses. Denial of service. Cyberattack. Spooks. Hackers. Identity thieves.

Not long ago, these words might have been found only in a comic-book fantasy. But they’re now all too real and familiar—and they are costing American taxpayers and businesses billions of dollars annually.

Web application security attacks are becoming especially prevalent as individual consumers and organizations depend more and more on Internet services for conducting business ranging from online shopping to billion-dollar electronic fund transfers.

Incidents of electronic identity theft have become so commonplace that they barely make the news unless thousands of individuals are involved.

As Web applications grow in size and complexity, so too do the number and severity of the attacks against them. During an 18-month period several years ago, the rate of documented Web application attacks increased by nearly 82 percent, according to a Symantec Corp. report on Internet security threats.

These attacks included repeated intrusion attempts, abuse of application business logic, unauthorized data manipulation through such techniques as Structured Query Language injection and parameter tampering, user session hijacking and credential theft, and denial-of-service attacks.

According to IPLocks Inc. of San Jose, Calif., a developer of integrated database security programs, most modern security tools—firewalls, intrusion detection, virus protection and so on—are designed to keep people and programs out of the network.

But the company also cites a joint survey by the Computer Security Institute and the FBI indicating that trusted employees commit a whopping 78 percent of information theft. These employees’ jobs require access to the primary information repositories—the databases. Thus, a database is faced with a potential double whammy—attacks by hackers from without and employees from within.

In attempts to manage compound threats to their security, many organizations today try to cobble together various security measures, such as firewalls, data encryption programs, anti-spam and antivirus programs, and user authentication, into a security umbrella that overarches their entire network and application infrastructure.

Sadly, while these security components might provide temporary protection against attacks the organization currently faces, there is no guarantee they will be able to hold the line against coordinated attacks that can occur a month, a day or even five minutes from now.
