Ask the Expert

Reason for application vulnerabilities

One would think that software would be secure if companies are offering it to users. Why do so many applications have vulnerabilities?

    Requires Free Membership to View

Every application vulnerability is the result of some error during the development of the application. These errors can be organized into three key areas: insufficient processes or practices, inadequate skills or teams and incomplete supporting technology. Note that while application security technologies are critical to an organization's application security efforts, they must be paired with the right set of team and process improvements.

The most common issues in the process area are the failure to define clear and detailed security requirements, lack of threat modeling activities and failure to perform security testing and analysis. In the skills and team area, many developers have not been trained in secure coding, and very few organizations have created an application security team to support development projects. Finally, organizations need supporting tools and technologies to identify and diagnose vulnerabilities as well as standard libraries that implement security functions.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: