
Can network pros handle application security?

Can your network security team handle application security, too? Application security expert Jeff Williams says chances are it can't and he explains the differences between the two types of security.

Can my network security team handle application security, too?

Application security threats must be handled quite differently than traditional network security threats. Business applications are custom-built and are generally completely unique. Unlike network devices, applications are not exposed to public scrutiny, and security researchers have not created databases of security signatures for them. Without signatures, vulnerability scanners and intrusion detection systems are blind to the custom vulnerabilities in these applications. Finding and diagnosing these vulnerabilities requires a combination of application software expertise, security experience and knowledge of your company's business.

Most existing network security teams are ill-prepared to handle application security. Typically, these teams are trained to search for known network security issues and respond. Achieving application security requires the ability to search applications for issues that are unique and previously unknown. Team members must be able to read code with a deep understanding of how software architectures work. Also, responding to vulnerabilities generally involves the ability to change code and redeploy applications.



READER FEEDBACK

I agree that the network security people are ill-equipped to protect against attacks on applications. The protection needs to operate at the application layer, not only at the network layers. Code review is mandatory, but so should be application layer security, which can only be found in software packages.
-- A.M.
This was last published in February 2006
