The above question is tough to answer given all of the variables with application security. Generally speaking,...
the answer is that application security vulnerabilities may be slowing you down. You can look at the question from the perspective of vulnerabilities or from the perspective of security controls that have been put in place to mitigate vulnerabilities.
If you have, say, a SQL injection flaw in a public-facing Web application that's allowing anyone in the world to extract data, that can certainly put a drag on performance (not to mention compliance and risk). Another example of an application security vulnerability impacting performance might be an issue I saw first-hand -- a susceptible Web page that allowed open proxy access through the system and could facilitate attacks on other websites across the Internet. The client fixed the issue about eight years before, but somehow, that particular page made it on a list of known Web proxies. Therefore, it seemed that a criminal hacker (and script) on the Web was trying to access that page to launch exploits.
This situation might not seem so bad on the surface, but this one Web page was being requested over 70,000 times every five minutes. It was a distributed denial-of-service attack at its finest, and even the largest cloud providers couldn't handle it. In the end, all it takes is one Web page that's vulnerable to SQL injection, password cracking, proxy hacking and the like to bring what might otherwise be considered a resilient system to its knees.
Looking at it from the proactive security control angle, encryption (secure sockets layer, database, etc.), audit logging, layer 7 inspection at the firewall or intrusion prevention system and the like can impact performance to an extent depending on the architecture. However, today's hardware and high Internet speeds can mask many such problems. You should be able to view performance metrics at the application, database, operating system and network levels to determine if anything might be causing application security vulnerabilities.
Read up on how to prevent and detect security vulnerabilities in Web apps
Web application survey reveals security is lacking
Learn more about Web app security vulnerabilities
Dig Deeper on Software Security Test Best Practices
Related Q&A from Kevin Beaver
Android Oreo replaced the allow unknown sources setting with a new feature that enables users to selectively install unknown apps. Kevin Beaver ... Continue Reading
Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can... Continue Reading
Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.