Rising Security Exploits: The Cost of Ignoring Secure Development Processes.
Only careful design and coding can protect today's business applications. Most programmers, content managers and webmasters understand very little about secure development processes and rely instead on network firewalls for security. A firewall, however, filters on addresses, ports and protocols: it must admit traffic to the application's published port, and it cannot distinguish a legitimate request on that port from one an attacker has crafted to subvert the unprotected logic of the software. To the firewall, both are well-formed packets bound for an allowed service.
Just as importantly, network mechanisms cannot recognize sensitive data (e.g., account names, credit card numbers or passwords) when the application itself hands it to unauthorized individuals; the response leaves over the same permitted connection as any other. Much deployed software therefore represents a "ticking time bomb" for the organization, vulnerable to a wide variety of attacks used to vandalize, disable or subvert its intended service.
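To make the point of the two paragraphs above concrete, here is an added example (not code from the original article): a stand-in firewall rule beside a minimal account-lookup handler in both a vulnerable and a hardened form. The firewall function, the HTTP request-line parsing, the sample accounts and the two requests are all constructed for illustration, and SQL injection is chosen as one representative way that a well-formed request can subvert application logic and pull out exactly the kind of data the paragraph lists.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (not from the original page): the records the
# application is supposed to protect.
SAMPLE_ACCOUNTS = [
    ("alice", "4111111111111111", "s3cret"),
    ("bob", "5500000000000004", "hunter2"),
]

# Constructed requests, byte-for-byte what the network layer carries.
# Both are well-formed HTTP to the application's published port; only the
# query string differs.
LEGIT_REQUEST = b"GET /account?name=alice HTTP/1.1\r\nHost: app.example\r\n\r\n"
ATTACK_REQUEST = (
    b"GET /account?name=x%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
    b"Host: app.example\r\n\r\n"
)


def make_db():
    """In-memory SQLite stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, card TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def firewall_allows(dst_port, payload):
    """Hypothetical network firewall rule: permit TCP to the web ports.

    It never inspects `payload`; that is the point. Any request addressed to
    an allowed port passes, benign or malicious.
    """
    return dst_port in (80, 443)


def parse_query_name(raw_request):
    """Minimal HTTP request-line parser: returns the `name` query parameter."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode()
    _method, target, _version = request_line.split(" ")
    params = parse_qs(urlsplit(target).query)
    return params.get("name", [""])[0]


def lookup_vulnerable(conn, name):
    """Deliberately vulnerable: user input is spliced into the SQL text."""
    sql = f"SELECT name, card FROM accounts WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Fixed: the value is bound as a parameter and cannot alter the query."""
    sql = "SELECT name, card FROM accounts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def serve(raw_request, lookup, dst_port=443):
    """Run one request through the firewall stand-in, then the application."""
    if not firewall_allows(dst_port, raw_request):
        return None  # dropped at the network layer
    conn = make_db()
    try:
        return lookup(conn, parse_query_name(raw_request))
    finally:
        conn.close()


if __name__ == "__main__":
    print("vulnerable, legit: ", serve(LEGIT_REQUEST, lookup_vulnerable))
    print("vulnerable, attack:", serve(ATTACK_REQUEST, lookup_vulnerable))
    print("hardened,   attack:", serve(ATTACK_REQUEST, lookup_hardened))
```

The attack request and the legitimate one are indistinguishable to `firewall_allows`; the difference is decided entirely inside the application, where the vulnerable handler returns every account's card number and the hardened handler returns nothing. The only change between the two handlers is parameter binding, which is a coding decision, not a network one.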
Over the past two years, there has been a sharp rise in security exploits against vulnerable application software. Many companies devote substantial resources to auditing their business applications, and then spend more money and time fixing the problems those audits identify. Worse, most companies expend far greater resources responding to attacks against vulnerable software, because many weaknesses cannot be identified in a post-development audit at all. Such companies pay twice: once for the audit and its fixes, and again when an attack exploits what the audit could not find.