The above question is tough to answer given all of the variables with application security. Generally speaking, the answer is that application security vulnerabilities may be slowing you down. You can look at the question from the perspective of vulnerabilities or from the perspective of security controls that have been put in place to mitigate vulnerabilities.
If you have, say, a SQL injection flaw in a public-facing Web application that's allowing anyone in the world to extract data, that can certainly put a drag on performance (not to mention compliance and risk). Another example of an application security vulnerability impacting performance might be an issue I saw first-hand -- a susceptible Web page that allowed open proxy access through the system and could facilitate attacks on other websites across the Internet. The client had fixed the issue about eight years before, but somehow, that particular page made it onto a list of known Web proxies. Therefore, it seemed that a criminal hacker (and script) on the Web was trying to access that page to launch exploits.
This situation might not seem so bad on the surface, but this one Web page was being requested over 70,000 times every five minutes. It was a distributed denial-of-service attack at its finest, and even the largest cloud providers couldn't handle it. In the end, all it takes is one Web page that's vulnerable to SQL injection, password cracking, proxy hacking and the like to bring what might otherwise be considered a resilient system to its knees.
Looking at it from the proactive security control angle, encryption (Secure Sockets Layer, database, etc.), audit logging, Layer 7 inspection at the firewall or intrusion prevention system and the like can impact performance to an extent depending on the architecture. However, today's hardware and high Internet speeds can mask many such problems. You should be able to view performance metrics at the application, database, operating system and network levels to determine if anything might be causing application security vulnerabilities.
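A single page absorbing tens of thousands of requests every five minutes, as in the case described above, shows up clearly in per-path counts from the Web server's access log. The following is an added example, not code from the original article; it assumes Common Log Format input, and the path, addresses, threshold and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format prefix: client, timestamp, request line, status (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
WINDOW_SECONDS = 300  # five-minute buckets, matching the interval in the text


def hot_paths(lines, threshold):
    """Return (window_start, path, requests, distinct_clients) at or over threshold."""
    hits = Counter()
    clients = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        client, stamp, _method, target, _status = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        bucket = int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS
        path = target.split("?", 1)[0]  # query strings vary per request
        hits[(bucket, path)] += 1
        clients[(bucket, path)].add(client)  # many clients suggests distributed load
    flagged = [
        (datetime.fromtimestamp(b, tz=timezone.utc).isoformat(), p, n,
         len(clients[(b, p)]))
        for (b, p), n in hits.items() if n >= threshold
    ]
    return sorted(flagged, key=lambda row: -row[2])


def sample_log():
    """Constructed sample: 40 hits on one page from 20 clients, plus normal traffic."""
    lines = [
        f'203.0.113.{i % 20 + 1} - - [10/Mar/2024:12:0{i % 5}:{i:02d} +0000] '
        f'"GET /legacy/page.php?r={i} HTTP/1.1" 200 512'
        for i in range(40)
    ]
    lines.append('198.51.100.7 - - [10/Mar/2024:12:01:00 +0000] '
                 '"GET /index.html HTTP/1.1" 200 1024')
    lines.append('198.51.100.8 - - [10/Mar/2024:12:07:30 +0000] '
                 '"GET /legacy/page.php HTTP/1.1" 200 512')
    lines.append('not a log line')
    return lines


if __name__ == "__main__":
    # Threshold of 30 suits the small sample; size it to normal traffic in practice.
    for row in hot_paths(sample_log(), threshold=30):
        print(row)
```
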