Advisory Note: Taming IT’s “Wild Wild West” - A Summary of Today’s Tools and Best Practices in Application Security

Enterprise Management Associates, November 2007, Pages: 5

Difficult-to-automate processes, a steep learning curve, and highly charged political environments are only three of the factors that have made application security the 'Wild Wild West' of the IT security industry. Indeed, working security practitioners and security theorists alike are struggling within this arena, while malicious attackers thrive unabated from application security failures. The primary difficulty is that ensuring application security is an art and not a science. This means that security assessors, security monitors, and auditors all need to have a higher level of understanding for application functionality and security issues. Unfortunately, the penetration of this deep understanding has not fully made its way into industry.

Further complicating efforts to get across these deep waters are the lack of industry standards in application security. There is no widely accepted assessment, monitoring, or auditing model that professionals can use as simply as a checklist. Arguments such as those surrounding static analysis vs. black box automated assessments have made management decisions to assure security extremely difficult.

This paper is meant to serve as a summary guide for decision-makers who must navigate the challenges of application security. The pain points and issues surrounding security assurance in this realm are examined, with a look at application functionality trends, as well as future predictions. This is followed by a discussion of the many possible solutions available, and difficulties encountered in their implementation. Finally, a comprehensive guide to application security best practices is summarized. These practices are mapped to the environment with which they best apply.

Product Samples

A sample for this product is available. Please Login/Register to download this sample.

Customers who bought this item also bought

• CIO IT Infrastructure Policy and Procedure Bundle
• Information Security Products And Services - Global Strategic Business Report
• LTE, Long Term Evolution, 4G, LTE Security, LTE Malware, LTE Security Applications
• 2013 Brazil SMB ICT & Cloud Services Tracker Overview: On-Premise & Cloud-Based IT Products & Services Opportunity Assessment
• Global Web-Application Vulnerability Management Market 2010-2014
• Biometrics Adoption and Application Market in India 2011-2015
• Analysis of the Mobile Endpoint Security Products Market
• Asia Pacific (including Japan) Web Application Firewall Market CY2010
• Analysis of Global Web Content Filtering Market
• GI mSecurity 2011 Survey Report