White Papers for Basel II Capital Accord (Basel II)

Web Application Security: Automated Scanning or Manual Penetration Scanning

Watchfire

With more than 90 percent of web applications containing some type of security vulnerability,1 and more
than 75 percent of attacks occurring over the HTTP/S protocols, it is essential that organizations implement
strong measures to secure their web applications. While the percentage of attacks occurring over ports 80
and 443 seems unusually large, consider the fact that these ports are the front door to the organization –
usually exposed to the entire online community.As web applications become increasingly complex, tremendous amounts of sensitive data – including personal, medical and financial information – are exchanged, and stored. The consumer not only expects, but demands, security for this information.But securing a web application goes far beyond testing the application using manual processes, or by using automated systems and tools. It begins in the conceptual phase, by modeling the security risk introduced by the application as well as the countermeasures to be implemented. Security should be thought of as another quality vector of every application, analyzed and considered through every step of the application lifecycle.

View the White Paper

Share or bookmarklet this web page at: