Navigating Your Way to Regulatory Compliance

When thief and author Willie Sutton was asked why he robbed banks, he responded, “Because that’s where the money is.” Today, Web applications are prime targets for criminals for the same reason. Applications are designed to display and manipulate data, and the thief who compromises such applications gains access to protected information. For example, an intruder looking to steal Social Security numbers would be attracted to an application that asks for them.

Companies migrate applications to the Web as business demands dictate, seeking to improve customer service, capture new customers, reduce operational costs, enable self-service and streamline communications with vendors, partners and employees. Yet these same Web applications also create increased security and compliance risks. To mitigate these risks, organizations worldwide are increasingly required to comply with legislation that protects sensitive data. Not only must organizations protect information, they must also document their security practices to demonstrate compliance with best practices for Web application security, resulting in the constant tweaking of IT infrastructures.

Read more at:
http://www.sdmagazine.com/documents/s=821/sdm0603a/