Integrating application security with application delivery


Amir Peles
08.24.2006

The job of a network manager has never been more complicated than it is today. Servers, clients and everything in between have evolved immensely over the last 15 years. Thanks to this, many operational or customer-facing applications can be quickly and effectively used in enterprises. As an IT manager, you are expected to ensure that all the systems function in zero seconds, without any failure, at the lowest possible cost. How does one begin to plan this kind of investment?

The logical first step is to collect the system requirements for each application. On the server, how many users will access the service concurrently at the peak time of the day, week or month? What failures should be considered and bypassed? What OS and server software should run on the server to host the application? And with regard to the client, is there a need for a special software installation? Can it be reinstalled remotely when required? Can it run on any client OS? Where are the clients located?

Following this, the second step is to define the server infrastructure. How many such users can a single server handle? What kind of applications can be accelerated by a special hardware appliance? Should there be multiple sites for disaster recovery? What network pipe will the service consume?

Assuming that all these questions are addressed, you can design your network and server equipment to handle the full amount of transactions coming from the application clients. This is an art in itself that requires skill, experience and constant education, out of the scope of this article.

Are you done now? Certainly not. What are you forgetting? Security, of course.

All of the above considerations apply only to legitimate application traffic. But as we all know, today's networks carry heaps of illegitimate user traffic, and it would be naïve to assume that your application infrastructure will not be exposed to malicious use. You obviously have a firewall that controls access to your network; however, it isn't capable of differentiating legitimate and non-legitimate traffic to a single application, which leaves you vulnerable.

And when considering your application infrastructure investment, this traffic may change all of your calculations:

These extra considerations and operational headaches can be solved by integrating security protection with your network infrastructure. Here is some useful advice for mechanisms that have to be implemented in your network:

In conclusion, planning your application infrastructure to include security protection capabilities can save you a lot of resources and future investments. Without it, you may be opening yourself to unpredicted roadblocks to true application security.

-----------------------------------
About the author: Amir Peles is chief technical officer at Radware.

All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy