Customized Protection Against Orphaned Applications
Customized protection against orphaned applications
Unfortunately, orphaned applications are becoming an increasingly common problem for businesses. In order for companies to ensure they are protecting their sensitive and confidential data, a WAF must be implemented to first identify all applications on the network-known and unknown-and then block against attacks and other Web threats.
This approach can ensure customized protection for each Web application on a network and gives corporate security teams a detailed understanding of the applications they are protecting. In addition, an advantage of using a WAF is that it makes it easy for employees outside the operations or application teams to keep track of Web applications and provide security. Therefore, if there is turnover within the Web application staff, an external network infrastructure layer exists to monitor and protect the Web applications.
Deploying a Web application security solution can immediately protect orphaned applications against Web attacks. It can also provide invaluable information about application defects found while monitoring the application in the production environment. By continuously identifying and monitoring orphaned Web applications, defects and threats are discovered in real time. Assessing the Web applications in their actual environments allows the firewall to identify defects that might otherwise go unnoticed during a vulnerability scan or code review.
Ryan C. Barnett is a Senior Security Researcher on Trustwave's SpiderLabs Team. Ryan is a SANS Institute faculty member and the OWASP ModSecurity Core Rule Set (CRS) Project Leader. Ryan is also a member of the Web Application Security Consortium (WASC) where he leads the Distributed Open Proxy Honeypot Project. He can be reached at firstname.lastname@example.org.