In addition, the stateless nature of the Internet and the potential vulnerabilities around ensuring the identity of an individual participating in a Web 2.0 enabled site is becoming more important since the on-line identity and personalized information inherent in the Web 2.0 sites relies on the ability of the user community to have trust in the underlying web application.

What are the biggest challenges organizations face when planning to improve web application security?

The biggest challenge for organizations is the sheer number of web applications that are in production. These applications have critical business value but have not been designed for security. As regulatory compliance audits and the risk of significant security breaches drive organizations to secure these applications, they are overwhelmed by the size of the task and the difficulty in implementing secure coding principles.


Where do you see the current security threats your products are guarding against in 5 years from now? What kind of evolution do you expect?

Web application threats will evolve as network security attacks have in the past, and web application security will be considered a necessary component for all web applications. That is, hackers will begin to exploit complex vulnerabilities resulting from multiple interactions between applications and devices within the network infrastructure.

As individual applications and devices are protected it will be their interactions that lead to the next level of attack, and organizations will need to plan and protect their critical web application assets.