Technology trail-blazing organisations such as large financial institutions have been working to secure their custom applications for several years, but the second-tier “technology following” organisations have been too slow to follow. This is now rapidly changing due to recent bad press following many highly publicised security compromises.
In many of today's software environments, security has traditionally been viewed as an afterthought, sometimes an add-on or even an inhibitor to business. Coding faults, implementation issues and fundamental architectural flaws are still found in abundance in a diverse range of custom applications. Driven by business demands, organisations are finding that additional functionality and application diversity are increasingly required to fit within a secure development process. Combined with a blurring of the organisational perimeter and increasing pressure to provide more timely information to customers, businesses must now ensure that security is built into any custom application. As previously “internal only” applications and systems continue to evolve and take on functionality that is linked to Internet-based clientele or geographically distributed users, lax security procedures often prove pivotal in the malicious compromise of data integrity and confidentiality.
Authors: Gunter Ollmann, Sherief Hammad, John Heasman, Chris Anley