Are your enterprise business applications secure

When technology vendors talk about security, you are most likely to be in a discussion about protecting investments in technology systems - preventing unauthorised access through attacks or locking down systems to prevent employees tampering with business information systems. But a problem that is harder to find the answer to is what vulnerabilities exist in the enterprise business applications that companies run. Many companies will try to secure their applications by wrapping security technology around them, but that still does not account for a prime area of vulnerability - the source code of those applications.

The sort of vulnerabilities that can be contained in application source code include the possibility of an attacker exploiting software that contains patches that are out of date to enter a corporate network, perhaps gaining access to sensitive company databases or an intranet. Companies regularly run penetration tests to check for such vulnerabilities - but most organisations have a huge number of applications within their networks. Plus, organisations in industries ranging from financial services to government to manufacturing are running a plethora of custom-built legacy applications tuned specifically to the needs of their particular operations. Vendors offering packaged software will provide patches for security vulnerabilities in their applications themselves, but proprietary applications are a different matter and there is a huge legacy of source code in applications that were never designed for networking.

Read Full Story