Is your IT really safe?

September 2004
Management Services;Sep2004, Vol. 48 Issue 9, p26
This article reveals the findings from a study by Nebulas Security and its penetration-testing partner Imperva into the vulnerability of public and private web applications. A key section of the report asserts that periodic testing alone is not an effective means of reducing the risks associated with web-enabled applications. Analysis of the two companies' penetration re-test data shows that, despite periodic penetration testing and subsequent fixes of the vulnerable points discovered, the inherent risk to an application does not decrease but remains constant and may even increase over time. The re-tests conducted by Imperva's application defense center revealed that high or critical vulnerabilities in applications actually increased after first-time tests. The report offers several explanations for these findings. The first is the rather obvious one: after penetration testing, developers did not fix the identified vulnerabilities, either because they did not know how to fix them or because they ignored the results of the test. The second is that developers introduced new vulnerabilities during the time between tests, either as part of the normal evolution of the website or as part of an attempt to fix vulnerabilities identified during the first penetration test. Nebulas says the lesson is that security-minded software development and diligent testing of applications are necessary components to address compounding application vulnerabilities, but to actually improve security over time organizations need to deploy application security solutions and continue to use penetration testing to measure their efforts.


Related Articles

  • 3-D Web Application Risk Assessment Service.  // Software World;May2004, Vol. 35 Issue 3, p26 

    This article reports that Nebulas Security Ltd. and Imperva Inc. have launched their unique three-dimensional Web Application Risk Assessment Service. This solution enables organizations to understand the true risks surrounding their own Web applications and is a combination of Nebulas...

  • AS STANDARDS EVOLVE, PLATFORMS IMPROVE. Trombly, Maria // Securities Industry News;5/5/2003, Vol. 15 Issue 18, p13 

    This article reports on the possible plans of U.S.-based software developers Microsoft Corp., IBM, BEA and Sun Microsystems Inc. to expand their basic web services development frameworks to offer support for the latest security and transaction protocols, improve Web services coordination, and...

  • The Sting. Strom, David // Information Security;Nov2007, Vol. 10 Issue 10, p50 

    The article discusses the use of honeyclients, a variation of a honeynet technique used to trap and detect web criminals. Honeyclients are used to hunt down criminal web browsers and dangerous sites. This technology has the capability to identify malware tools that are not publicized, giving web...

  • Only 8% Of Web Applications Secured Against Common Hacking.  // Database & Network Journal;Apr2004, Vol. 34 Issue 2, p24 

    This article reports that Nebulas Security Ltd. has announced the results of research conducted by its application penetration-testing partner, Imperva Inc. It notes that after four years of penetration testing on more than 250 web applications including electronic commerce, online banking,...

  • Web software raises expectations, presses vendors. Phair, Matthew // ENR: Engineering News-Record;06/30/97, Vol. 238 Issue 26, p12 

    Reports on the impact of World Wide Web on the development of computer software. Ease and speed of using browser software; Solutions for easy access; Object-oriented design software; Process and power markets; Complete life-cycle database solutions for plants.

  • WEB TOLLS AHEAD? Roush, Wade // Technology Review;Jan/Feb2002, Vol. 105 Issue 1, p20 

    Reports on the World Wide Web Consortium in the United States. Collection of licensing fees on technologies incorporated into Web standards; Impact of the Patent Policy Working Group on software developers; Disclosure of patents relating to computer standards.

  • Who needs Java?  // InfoWorld;2/24/97, Vol. 19 Issue 8, p1 

    Presents an overview of InfoWorld magazine's evaluation of three techniques for the development of applications for the web. Web application servers as the most efficient of the bunch; PowerBuilder-centric nature of extended 4GL solution; Lack of integration as the main problem of the Java...

  • Sorting the strategies. Young, Tom // InfoWorld;2/24/97, Vol. 19 Issue 8, p64 

    Focuses on the three different strategies for the development of web applications. Connectivity, integration and developer productivity as the broad areas of issues in web application development.

  • Extended 4GL solution. Wang, Yun P.; Hammond, Eric // InfoWorld;2/24/97, Vol. 19 Issue 8, p66 

    Evaluates the extended 4GL solution for the development of web applications. Components of this solution; Web technology support; Time-saving features of this strategy; ODBC and native database drivers.
