Problem solve Get help with specific problems with your technologies, process and projects.

Are application security vulnerabilities slowing you down?

Can security impact application performance? One expert examines common application security vulnerabilities that might be slowing you down.

The above question is tough to answer given all of the variables with application security. Generally speaking,...

the answer is that application security vulnerabilities may be slowing you down. You can look at the question from the perspective of vulnerabilities or from the perspective of security controls that have been put in place to mitigate vulnerabilities.

If you have, say, a SQL injection flaw in a public-facing Web application that's allowing anyone in the world to extract data, that can certainly put a drag on performance (not to mention compliance and risk). Another example of an application security vulnerability impacting performance might be an issue I saw first-hand -- a susceptible Web page that allowed open proxy access through the system and could facilitate attacks on other websites across the Internet. The client fixed the issue about eight years before, but somehow, that particular page made it on a list of known Web proxies. Therefore, it seemed that a criminal hacker (and script) on the Web was trying to access that page to launch exploits.

[A]ll it takes is one Web page that's vulnerable to SQL injection, password cracking, proxy hacking and the like to bring what might otherwise be considered a resilient system to its knees.

This situation might not seem so bad on the surface, but this one Web page was being requested over 70,000 times every five minutes. It was a distributed denial-of-service attack at its finest, and even the largest cloud providers couldn't handle it. In the end, all it takes is one Web page that's vulnerable to SQL injection, password cracking, proxy hacking and the like to bring what might otherwise be considered a resilient system to its knees.

Looking at it from the proactive security control angle, encryption (secure sockets layer, database, etc.), audit logging, layer 7 inspection at the firewall or intrusion prevention system and the like can impact performance to an extent depending on the architecture. However, today's hardware and high Internet speeds can mask many such problems. You should be able to view performance metrics at the application, database, operating system and network levels to determine if anything might be causing application security vulnerabilities

Next Steps

Read up on how to prevent and detect security vulnerabilities in Web apps

Web application survey reveals security is lacking

Learn more about Web app security vulnerabilities

This was last published in September 2014

Dig Deeper on Software Security Test Best Practices



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What application security vulnerabilities have slowed you down?