Home
Topics
Software Security Testing and Quality Assurance
Software Security Test Best Practices
Beyond intrusion detection

Beyond intrusion detection

If I use an intrusion detection system, do I need still need to secure my applications? It seems like the apps would already be secure using IDS.

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

The quick answer is yes, you still need to secure your existing Web applications and follow secure development practices.

The reason is defense in-depth. As security professionals, we assume that any defensive measure can and will fail at some point. By overlapping layers of protection, application security is assured should any of them fail, even an intrusion detection system (IDS). Also, by strict definition IDS "detects" attacks, but do not necessarily prevent them. So if your Web application is vulnerable, the only protection an IDS delivers is warning sirens.

There are devices that do defend, which are aptly referred to as intrusion prevention systems (IPS). In the context of Web application security world these are known as Web application firewalls (WAF).

Even though security technology continues to improve, it is premature to assume that these devices will block all attacks all the time. This leaves us no choice but to secure what we have most control over -- the code. We do this with regular vulnerability assessments throughout the software development life cycle and in production systems.

More information:
* Using attack responses to improve intrusion detection
* Application security: Past myths, present excuses

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in May 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

SOA
Java
Windows Development
Oracle
Cloud computing
Business Analytics

SOA
- Quiz: How much do you know about NoSQL databases?
  
  Test your NoSQL knowledge with this five-question quiz.
- Architects can meet mobile user needs by altering mindset
  
  Smartphones, tablets and desktop computers don't just differ in screen size; they are different form factors.
- Tools and practices to create a meaningful SOA ALM process
  
  To create a meaningful SOA ALM process, architects have to remember modern apps are increasingly using components.
Java
- Inside advice on the use of Platform as a Service in the enterprise
  
  CloudBees founder and CEO Sacha Labourey answers tough questions and hands out practical advice about PaaS and how it works in the enterprise.
- How skilled portlet developers make the portal strategy work
  
  Portals are providing more value than ever, and having skilled portlet developers on staff brings the technology to new levels.
- Five portlet development tips software engineers can't ignore
  
  Here are five quick portlet development tips that software engineers will find helpful as they develop applications for the portal.
Windows Development
- Native versus JavaScript/HTML5 development for Window 8 apps
  
  Learn the advantages and disadvantages in using HTML5/JavaScript for deployment.
- Technology Priorities for 2012
  
  Each year TechTarget surveys thousands of IT professionals around the world on their company’s forecasts for the coming year. As IT budgets continue through the strain of trying to align themselves with businesses trying to recover from the global recession, the direction of IT’s newest technologies may surprise you.
- Where can I find Visual Basic 6.0 DataEnvironment code samples?
  
  Get information on the best places to find Visual Basic DataEnvironment 6.0 code samples.
Oracle
- Script writing rules for Oracle Hyperion Financial Management
  
  Accountants hate having to play with scripts. In this tip, TopDown Consulting explains how to build script rules so that accountants don't have to.
- Domain-specific Oracle master data management
  
  Oracle master data management products are starting to merge various data management hubs, which is a help in particular vertical industries.
- Privileged user management a must for DBAs
  
  Trust, but verify. Ronald Reagan made it popular, and it's certainly relevant for DBAs in today's consolidated, virtualized IT world.
Cloud computing
- Interest in private clouds grows as market matures
  
  Growing interest in private clouds reflects an improved understanding of cloud computing among IT pros, experts say.
- Building a cloud ecosystem with open source software
  
  The open source community fosters innovation in the name of cloud. OW2's Cédric Thomas talks of 'coopitition' and the open source cloud revolution.
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
Business Analytics
- Match in-memory processing speed to big data analytics business need
  
  Michael Minelli, co-author of a book on big data analytics, says in-memory analytics tools must be tied to business processes to pay off for users.
- MIT panelists: Big data calls for data-driven decision making skills
  
  C-level execs need to develop better decision making skills to capitalize on big data technology, said speakers at the 2013 MIT Sloan CIO Symposium.
- In-memory analytics tools pack potential big data punch
  
  The faster analytics performance spurred by in-memory technology can help companies capitalize on big data, but there are barriers to be aware of.

All Rights Reserved,Copyright 2006 - 2013, TechTarget