Beyond intrusion detection
If I use an intrusion detection system, do I still need to secure my applications? It seems like the apps would already be secure using an IDS.

The quick answer is yes, you still need to secure your existing Web applications and follow secure development practices.

The reason is defense in depth. As security professionals, we assume that any defensive measure can and will fail at some point. By overlapping layers of protection, application security holds even if one of them fails, including an intrusion detection system (IDS). Also, by strict definition an IDS "detects" attacks but does not necessarily prevent them. So if your Web application is vulnerable, the only protection an IDS delivers is warning sirens.

There are devices that do defend, aptly referred to as intrusion prevention systems (IPS). In the Web application security world these are known as Web application firewalls (WAF).

Even though security technology continues to improve, it is premature to assume that these devices will block all attacks all the time. This leaves us no choice but to secure what we have the most control over -- the code. We do this with regular vulnerability assessments throughout the software development life cycle and in production systems.
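The point made above (an IDS alerts, an IPS/WAF may block, but only the code itself is under your control) can be shown in a few lines. The following is an added example, not code from the original answer or from any product it mentions. It assumes a constructed in-memory SQLite table, a deliberately naive string-concatenated query beside its parameterized replacement, and a hypothetical single-signature detector that stands in for an IDS rule. The same request is run through each lookup so you can see that the alert alone changes nothing about what the vulnerable query returns, while the hardened query is safe whether or not any alert fires.

```python
import re
import sqlite3

# Constructed sample data: a small users table for the demonstration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'admin')")
    conn.execute("INSERT INTO users VALUES ('bob', 'user')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: user input is parsed as SQL.
    This is the defect the application layer must fix; no monitoring removes it."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Parameterized query: the input is bound as data and never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Hypothetical IDS-style signature (constructed for this example): flags the
# most basic tautology pattern. Real rule sets are larger, and still incomplete.
INJECTION_SIGNATURE = re.compile(r"'\s*or\s*'", re.IGNORECASE)


def signature_matches(value):
    return bool(INJECTION_SIGNATURE.search(value))


def handle_request(conn, name, lookup, mode="detect"):
    """Process one request through a monitoring layer and then the application.

    mode="detect": IDS behaviour, log an alert but still pass the request on.
    mode="prevent": IPS/WAF behaviour, refuse the request when a signature hits.
    Returns (rows, alerts). rows is None when the request was blocked.
    """
    alerts = []
    if signature_matches(name):
        alerts.append("ALERT: possible SQL injection in parameter 'name'")
        if mode == "prevent":
            return None, alerts
    # In detect mode the request reaches the application regardless of the alert.
    return lookup(conn, name), alerts


if __name__ == "__main__":
    db = make_db()
    # Constructed malicious input: the textbook tautology string.
    bad = "x' OR '1'='1"
    print("IDS + vulnerable code :", handle_request(db, bad, lookup_vulnerable))
    print("IDS + hardened code   :", handle_request(db, bad, lookup_hardened))
    print("WAF + vulnerable code :", handle_request(db, bad, lookup_vulnerable, "prevent"))
    print("normal request        :", handle_request(db, "alice", lookup_hardened))
```

Running it shows the three cases the answer describes: with the IDS in front of the vulnerable query, an alert is raised and the query still returns every row; with the same IDS in front of the parameterized query, the alert is raised and the query returns nothing, because the input was bound as data; in prevent mode the request is blocked, but only because this one signature happened to match. A request that the signature does not recognise falls straight through to the application, which is why the parameterized version is the layer to rely on.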

More information:
* Using attack responses to improve intrusion detection
* Application security: Past myths, present excuses

This was first published in May 2006