• SELECT SITE CURRENCY
Select a currency for use throughout the site
Advisory Note: Taming IT’s “Wild Wild West” - A Summary of Today’s Tools and Best Practices in Application Security
Enterprise Management Associates, November 2007, Pages: 5
Difficult-to-automate processes, a steep learning curve, and highly charged political environments are only three of the factors that have made application security the 'Wild Wild West' of the IT security industry. Indeed, working security practitioners and security theorists alike are struggling within this arena, while malicious attackers thrive unabated from application security failures. The primary difficulty is that ensuring application security is an art and not a science. This means that security assessors, security monitors, and auditors all need to have a higher level of understanding for application functionality and security issues. Unfortunately, the penetration of this deep understanding has not fully made its way into industry.
Further complicating efforts to get across these deep waters are the lack of industry standards in application security. There is no widely accepted assessment, monitoring, or auditing model that professionals can use as simply as a checklist. Arguments such as those surrounding static analysis vs. black box automated assessments have made management decisions to assure security extremely difficult.
This paper is meant to serve as a summary guide for decision-makers who must navigate the challenges of application security. The pain points and issues surrounding security assurance in this realm are examined, with a look at application functionality trends, as well as future predictions. This is followed by a discussion of the many possible solutions available, and difficulties encountered in their implementation. Finally, a comprehensive guide to application security best practices is summarized. These practices are mapped to the environment with which they best apply.
A sample for this product is available. Please Login/Register to download this sample.