Web Application Security Woes
eLABorations: There's no vendor testing or patching process for many vulnerable Web
Security always comes down to securing applications. The whole point of firewalls is to hide internally deployed network applications, assumed to have exploitable vulnerabilities somewhere, from the outside world. The main weakness of firewalls is that they are based on a one-application/one-IP-port model, something that worked in the pre-Web days but is completely inadequate now. These days, most application data flowing through firewalls and over network backbones is on HTTP ports 80 or 443.
That's why the main burden of security now falls on those who maintain Web sites and on those who write Web-facing applications or Web services. Web applications are highly vulnerable, and since many of them are both one-of-a-kind and internal, there is no vendor testing or patching process to help with the security burden.