Home
Topics
Software Requirements Best Practices
Building security into the SDLC (Software development life cycle)
Reason for application vulnerabilities

Ask the Expert

Reason for application vulnerabilities

One would think that software would be secure if companies are offering it to users. Why do so many applications have vulnerabilities?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Every application vulnerability is the result of some error during the development of the application. These errors can be organized into three key areas: insufficient processes or practices, inadequate skills or teams and incomplete supporting technology. Note that while application security technologies are critical to an organization's application security efforts, they must be paired with the right set of team and process improvements.

The most common issues in the process area are the failure to define clear and detailed security requirements, lack of threat modeling activities and failure to perform security testing and analysis. In the skills and team area, many developers have not been trained in secure coding, and very few organizations have created an application security team to support development projects. Finally, organizations need supporting tools and technologies to identify and diagnose vulnerabilities as well as standard libraries that implement security functions.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- virtual patching
- SQL injection

This was first published in January 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

SOA
Java
Windows Development
Oracle
Cloud computing
Business Analytics

SOA
- XML appliances' evolving role in messaging protocol
  
  XML appliances have evolved. Jason Bloomberg, president of ZapThink, a Dovel Technologies company, gives an overview of the technology in this Q&A.
- API management, servers enable mobile, Web gift services strategy
  
  By exposing a network through application programming interfaces, Blackhawk Network is making the change from physical to digital cards.
- Move to mobile backend-as-a-service fast-paced, but could be rocky
  
  Adoption of cloud MBaaS is taking hold, but there are dangers of moving to the technology too fast.
Java
- Will the Red Hat model work for IaaS cloud computing with OpenStack?
  
  The Red Hat transition is to move their successful model to IaaS through OpenStack and cloud computing. But will this new move from the JBoss company work as well as RHEL did a decade ago?
- How Red Hat's Linux and OpenStack IaaS drives Intel's bottom line
  
  While a major protectorate of intellectual property, Red Hat Linux and OpenStack IaaS offerings provide the bonus of driving innovation, which leads to more chips being purchased, driving revenue at Intel's bottom line.
- Embracing OpenStack: How Red Hat commoditized open source cloud computing
  
  By leveraging OpenStack, Red Hat plans to commoditized cloud computing, just like they commoditized open source Linux ten years ago.
Windows Development
- Native versus JavaScript/HTML5 development for Window 8 apps
  
  Learn the advantages and disadvantages in using HTML5/JavaScript for deployment.
- Technology Priorities for 2012
  
  Each year TechTarget surveys thousands of IT professionals around the world on their company’s forecasts for the coming year. As IT budgets continue through the strain of trying to align themselves with businesses trying to recover from the global recession, the direction of IT’s newest technologies may surprise you.
- Where can I find Visual Basic 6.0 DataEnvironment code samples?
  
  Get information on the best places to find Visual Basic DataEnvironment 6.0 code samples.
Oracle
- The future of Dell Toad: Oracle DBAs can use BI, Exadata features
  
  Dell Toad is pushing itself into business intelligence and now has an edition to support Oracle's big Exadata appliance.
- Unlock the potential of the Oracle Exadata architecture
  
  Despite being almost five years old now, many implementations haven't realized all of the Oracle Exadata architecture benefits.
- The state of Dell Toad: Oracle DBAs and how they can still benefit
  
  Since Dell acquired Quest Software, maker of the Toad tool for Oracle databases and applications, some questions have arisen about what would happen.
Cloud computing
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
- Simple tricks to lower your AWS cloud costs
  
  There are a number of ways to lower AWS costs and improve the Amazon cloud experience. Here are a few cost-cutting tips any AWS cloud shop can use.
Business Analytics
- Member Exclusive Downloads
  
  Member Exclusive Downloads from SearchBusinessAnalytics
- In-memory applications take on big data analytics challenge
  
  In-memory tools and big data can be a potent analytics mix. But before you put them together, read advice from experienced users and consultants.
- Texas utility deploys operational intelligence, improves 'on-boarding'
  
  TXU Energy applied Vitria operational intelligence software to gain a better customer view. Careful processes selection ensured quick performance.

All Rights Reserved,Copyright 2006 - 2013, TechTarget