
Defense industry must examine both inbound, outbound Web application threats


Once little known, Web applications have changed the way organizations operate. Retail and other consumer businesses use Web applications to provide e-commerce and online financial transaction capabilities to consumers. Other market segments, including military branches, defense agencies and government contractors, use Web applications to develop and implement organization-specific technologies or transfer sensitive data online between clients, partners and even employees.

Given the highly sensitive and proprietary nature of the technologies developed and data stored and transferred using Web applications, they have become the subject of hacker attacks and other emerging threats in recent years. Technology security professionals who once secured static networks using established technologies, such as network firewalls, intrusion detection systems and SSL VPNs, are now responsible for securing up to hundreds of dynamic Web applications, with many changing every day.

While companies worldwide are facing new threats to the security of their Web applications, the defense industry potentially faces application-layer attacks from hackers and terrorist groups alike. As a result, companies across many market segments -- including the defense industry -- are using Web application security products, such as Breach's WebDefend, to monitor and secure their organization's Web applications against incoming security threats.

While many of the Web application security products offer threat detection capabilities, few analyze the integrity of the Web applications, which is critical for market segments such as the defense industry. Application integrity involves analyzing outbound information to ensure that hackers aren't escaping with an organization's critical information. For the defense industry, this means protecting sensitive, proprietary and even classified information critical to the country's security from hackers and terrorist groups. A simple defect in a defense contractor's application code, such as a missing image or broken link, could mean classified military information is vulnerable or being leaked via the Internet.

The dynamic Web applications found in the defense industry and many other market segments require adaptive solutions. In order to secure Web applications from incoming security threats and also ensure application integrity, organizations must use a Web application security product that enables them to remediate application code errors, prevent application and infrastructure data leakage, and improve the end-user's experience. By maintaining the integrity of its Web applications, the defense industry will be able to remediate application defects that are directly tied to security vulnerabilities.

Unfortunately, testing alone does not uncover all security vulnerabilities. A real-time solution for identifying and fixing defective and vulnerable production applications is essential for government agencies and defense contractors. By deploying a Web application security solution that addresses application integrity, organizations can immediately protect applications against Web attacks and provide invaluable information about application defects found while monitoring the application in its production environment. Solutions that continuously monitor Web applications ensure that defects are discovered in real time. Assessing Web applications in their actual environments allows the application security solution to find defects that otherwise may go unnoticed during a vulnerability scan or code review.

The best Web application security appliances offer inbound and outbound traffic analysis through a bi-directional traffic analysis engine. By inspecting both incoming and outgoing traffic, defense organizations can block error messages that supply hackers and terrorist groups with critical information and prevent application defacement and data theft. In addition, organizations should be able to use their Web application security device to establish patterns that identify a specific type of data, such as classified information.
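The outbound half of the bi-directional inspection described above can be sketched as follows. This is an added example, not code from the article or from any product it names; the rule names, regular expressions, response pages and sample responses are constructed assumptions.

```python
import re

# Assumed rule set: signatures of verbose server errors that should never
# reach a client, and a labelled data type (banner-style classification
# markings) that should never leave the application at all.
ERROR_PATTERNS = {
    "python-traceback": re.compile(r"Traceback \(most recent call last\):"),
    "java-stack-frame": re.compile(r"\bat [\w.$]+\([\w$]+\.java:\d+\)"),
    "sql-error": re.compile(
        r"SQLSTATE\[\w+\]|ORA-\d{5}|syntax error at or near", re.I),
}
DATA_PATTERNS = {
    # Case-sensitive and anchored on "//" so the ordinary word "secret"
    # in page copy does not trigger the rule.
    "classification-marking": re.compile(
        r"\b(?:TOP SECRET|SECRET|CONFIDENTIAL)//[A-Z][A-Z /-]*"),
}
GENERIC_ERROR = "<html><body><h1>An error occurred.</h1></body></html>"
BLOCK_PAGE = "<html><body><h1>Request could not be completed.</h1></body></html>"


def inspect_response(status, body):
    """Return (action, findings, body_to_send) for one outbound response."""
    data_hits = [n for n, rx in DATA_PATTERNS.items() if rx.search(body)]
    error_hits = [n for n, rx in ERROR_PATTERNS.items() if rx.search(body)]
    if data_hits:
        # Labelled data in the body: withhold the whole response.
        return "block", data_hits + error_hits, BLOCK_PAGE
    if error_hits:
        # Verbose error: swap in a generic page, keep findings for the
        # developers who need to fix the underlying defect.
        return "mask", error_hits, GENERIC_ERROR
    return "pass", [], body


# Constructed sample responses (status, body).
SAMPLES = [
    (200, "<p>Keep your password secret.</p>"),
    (500, "java.lang.NullPointerException\n"
          "\tat com.example.app.OrderDao.load(OrderDao.java:42)"),
    (500, "Query failed: SQLSTATE[42000] near 'FROM users'"),
    (200, "<pre>SECRET//NOFORN draft briefing</pre>"),
]


def run_samples():
    return [inspect_response(s, b)[0] for s, b in SAMPLES]


if __name__ == "__main__":
    for (status, body) in SAMPLES:
        action, findings, _ = inspect_response(status, body)
        print(status, action, findings)
```

The findings list is what makes the approach useful beyond blocking: each masked response points at a production defect to remediate.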

While corporate businesses are facing increased application-layer threats from hackers seeking lucrative financial data such as cardholder information, the defense industry has been and will continue to be under attack from people and organizations seeking access to sensitive and classified military information and technologies. Protecting Web applications against incoming threats is simply not enough. The defense industry needs to look at its application-layer security in a bi-directional manner to ensure both the security and integrity of its Web applications and make certain that simple application defects aren't offering data access to those who want it most.


Mehta, senior vice president at Breach Security Inc., has more than a dozen years of experience driving revenue growth and strategic business opportunities for technology companies, resellers and system integrators.
