Application Security Vulnerability – CMI and AppScan Solutions
Protect Your Enterprise From Security Breaches
For years we placed most of our security focus and resources on protecting the enterprise by securing the perimeter: firewalls to protect the edges, identity management to know who was accessing which resources, access management to protect our web services, access governance for compliance reporting, and SIEM to monitor the aggregate. We have been thoughtful in extending this architecture to the public cloud as IT service delivery moved to that model.
Step back for a second and review what we are actually protecting: data. Where is that data most exposed? In the applications that handle it. As companies rely more heavily on web and mobile applications, those applications have become a primary target. IBM has reported a growing trend of web-based application exposure, with roughly a third of observed attacks aimed at the application layer. Organizations today must address application vulnerabilities to manage their governance, risk and compliance profiles.
As is usual in IT, we use the lenses of people, process and technology to build a comprehensive approach. Security protection begins at the code level. Progressive organizations run continual training programs for their developers and contractors to maintain awareness of established and emerging threats and how to mitigate them. Life is simpler when things are done properly the first time. Integrating application security testing into the software development lifecycle from the very beginning is essential to establishing sound risk management principles and processes. Technology can provide policy-based, automated application security testing that delivers consistent, repeatable and scalable analysis of application vulnerabilities, even across large, diverse IT environments. People, process and technology together form the security trifecta.
When considering a comprehensive testing program, no single test process can detect all the possible vulnerabilities. Testing is best viewed from multiple perspectives:
- Static – examines source code (or binaries) without running the application, so flaws are found earlier in the development cycle
- Dynamic – tests the running application from the outside, using the same techniques an attacker would
- Hybrid – merges the two: issues found dynamically are traced back to the offending line of code, and issues found statically are confirmed by external testing
- Interactive – places runtime agents on the application host so the application can be observed from the inside while it is being tested, improving accuracy and reducing false positives
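The four perspectives above are easiest to compare on a single concrete flaw. The following is an added example, not code from the original page and not part of AppScan: a deliberately vulnerable SQL lookup beside its parameterised fix, plus a toy static check (AST inspection of the source), a toy dynamic check (black-box probing of the running function with an injection payload), a toy interactive check (a wrapper "agent" that watches every query the application sends), and a hybrid report that ties the dynamic result back to the offending source line. All names, the in-memory SQLite schema and the payload string are constructed for the example.

```python
"""Added example: one SQL-injection flaw as seen by static, dynamic,
interactive and hybrid testing. Not from the original page; all names,
data and the payload below are constructed for illustration."""
import ast
import inspect
import sqlite3
import textwrap

# Constructed injection payload used by the dynamic and interactive checks.
PAYLOAD = "' OR '1'='1"


def find_user_vulnerable(conn, username):
    """Constructed, deliberately vulnerable: SQL assembled by concatenation."""
    query = "SELECT id, name FROM users WHERE name = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterised fix: the driver keeps user data out of the SQL grammar."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (username,)).fetchall()


def make_db():
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def static_findings(func):
    """Static: read the source, never run it. Returns file line numbers of
    execute() calls whose SQL is built by concatenation or an f-string,
    directly or via a local variable assigned from one."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(func)))
    base = func.__code__.co_firstlineno - 1  # parsed line 1 is the 'def' line
    tainted = set()
    for node in ast.walk(tree):  # pass 1: locals assigned from string building
        if isinstance(node, ast.Assign) and isinstance(node.value, (ast.BinOp, ast.JoinedStr)):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []
    for node in ast.walk(tree):  # pass 2: sinks that receive built strings
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            sql = node.args[0]
            if isinstance(sql, (ast.BinOp, ast.JoinedStr)) or \
                    (isinstance(sql, ast.Name) and sql.id in tainted):
                findings.append(base + sql.lineno)
    return findings


def dynamic_finding(func):
    """Dynamic: black-box probe of the running code. A payload that returns
    more rows than a benign lookup shows the input reached the SQL grammar."""
    conn = make_db()
    benign = func(conn, "nobody")
    attack = func(conn, PAYLOAD)
    return len(attack) > len(benign)


class RuntimeAgent:
    """Interactive: an in-process wrapper that records every query the
    application sends to the database while tests run against it."""

    def __init__(self, conn):
        self._conn = conn
        self.queries = []

    def execute(self, sql, params=()):
        self.queries.append(sql)
        return self._conn.execute(sql, params)


def interactive_finding(func):
    """Taint check at the sink: the raw payload shows up inside SQL text
    (not merely in the bound parameters) only if the app concatenated it."""
    agent = RuntimeAgent(make_db())
    func(agent, PAYLOAD)
    return any(PAYLOAD in q for q in agent.queries)


def hybrid_report(func):
    """Hybrid: confirm the black-box result and point at the source line."""
    dynamic = dynamic_finding(func)
    lines = static_findings(func)
    return {"dynamic": dynamic, "static_lines": lines, "confirmed": dynamic and bool(lines)}


if __name__ == "__main__":
    for f in (find_user_vulnerable, find_user_safe):
        print(f.__name__, hybrid_report(f), "interactive:", interactive_finding(f))
```

Note what each lens does and does not tell you: the static check names a line but cannot prove the input is reachable; the dynamic check proves exploitability but only says "somewhere in this request"; the interactive agent sees the tainted string arrive at the sink with no guessing; and the hybrid report is what a developer actually wants, a confirmed finding with a line number to fix. Real tools do this across whole code bases and protocols, but the trade-offs are the same.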
As web application breaches continue to increase, so do the threats to your business. Both Gartner and Forrester have rated IBM's AppScan a leader in application vulnerability assessment and security testing software. CMI can help you examine your existing application security practices across people, process and technology, and make recommendations that help protect your enterprise from the devastating consequences of a security breach. Let CMI and AppScan go to work for you.
Chief Technology Officer