Justifying Application Vulnerability Assessments
An article on Buzzle.com by Vincent Liu, geared toward non-technical managers and executives, on the need for application vulnerability assessment is worth forwarding on to non-IT colleagues who wonder what we worry about all day. "Web Application Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site" paints a high-level picture of what app vulnerability assessment is and why you should care about it. This isn't an article for the technical crowd, but it's a good reference for the non-IT manager trying to keep track of security technologies.
The article starts with a summary of the business problem that includes tried and true attention grabbers like references to regulations and Gartner studies (the last sentence is the best):
If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks. Web-based attacks can lead to lost revenue, the theft of customers' personally identifiable financial information, and falling out of regulatory compliance with a multitude of government and industry mandates: the Payment Card Industry Data Security Standard (PCI) for merchants, HIPAA for health care organizations, or Sarbanes-Oxley for publicly traded companies. In fact, the research firm Gartner estimates that 75 percent of attacks on web security today are aimed straight at the application layer.
For a more technical discussion, listen to the podcast interview with Matt Moynahan, CEO of Veracode, which covers automatic vulnerability assessment techniques and best practices.



