Web Application Security

Web-based applications provide a universal and inexpensive way for an enterprise to interact with clients and employees, deliver services and perform other essential business operations.

While providing clients and employees with unprecedented universal access, web-based applications also introduce significant security risks, exposing the enterprise’s data and other resources to attacks from around the globe. Motivated by criminal financial gain and other nefarious purposes, technologically savvy attackers have used security vulnerabilities to gain control of sensitive financial and customer data and other valuable enterprise assets. According to Newsweek, 87% of the companies participating in a 2005 FBI Computer Crime Survey reported a security incident. The cost to enterprises of the compromise of private information can be enormous including legal liability, loss of revenue, loss of credibility, embarrassment and other grave consequences. The losses due to application security vulnerabilities are estimated to be up to $60 billion annually (IDC/IBM Systems Sciences Institute).

Many web applications are vulnerable to attacks by hackers who use vulnerabilities in the security of the application to bypass the traditional network security measures such as firewalls, SSL encryption and intrusion detection systems. Using known security vulnerabilities that are common to many applications, attackers can gain access to internal enterprise resources such as files, data stored on backend database and other critical enterprise information and resources.

Using SQL Injection, Cross Site Scripting and other techniques, attackers compromise web applications and bypass network-layer security

In order to provide a comprehensive solution that addresses the full range of customer web standards compliance and application security requirements, NetCentric Technologies has partnered with SPI Dynamics, the leading provider of application security testing and development software. Using NetCentric’s Compliance Management Framework, enterprises can test their documents for compliance with a variety of standards and generate reports and action lists.

Features and Benefits

SPI Dynamics’ product line – which is used by NetCentric for web application security testing - is based on the industry’s most robust Web application vulnerability database. It:

• Enables all phases of the software development lifecycle to collaborate in order to build, test and deploy secure Web applications and Web services to save both time and resources;
• Integrates fully with both products and processes within an organization’s existing infrastructure for a complete solution to Web application security; and
• Offers proactive enterprise-wide security risk management and regulatory compliance to cross-reference and encourage cooperation among the activities of developers, QA and security professionals in their efforts to find and fix Web application security issues.
•