Tackling the Potential Infestation of Web Application Worms
The solution to Web application worms and worms in general is to fix the problem that the worm uses to propagate. Application firewalls and assessment tools can be a good start, but the real solution is to get the individuals who create software to consider security as a fundamental building block in developing software. Developers who design and build business-enabling applications generally are not security experts and therefore do not know how to avoid creating defects that are so easily exploited by hackers. These applications tend to be pushed into production with little or no security testing. Just as with the network layer, companies must now view the application-layer as a potentially open portal to corporate assets and therefore need to implement the necessary security procedures across the application lifecycle to ensure that critical assets are secure from such new attacks as application worms. With more than one million new Web applications being launched each month and successful hacker attacks in the news each week; application security should no longer be an afterthought for any organization looking to remain viable.