4. Web Application Security

Web applications remains by far the most widely used avenue of attacks, with criminals identifying common Web vulnerabilities and using them to set up drive by attacks often on legitimate websites. Web application security came in the fourth spot for CIO spending priorities with nearly 60 percent indicating that it was a top area to address, according to the Piper Jaffray survey. Security experts tell CRN that forward-thinking organizations are addressing the issue by engaging with software security vendors and investing in ways to add security deeper into the software development lifecycle. Some solution providers say they are also seeing interest in Web application firewalls (WAFs). They say the appliances have evolved from their early days of being deployed for compliance reasons. If WAFs are deployed and configured properly they are capable of helping organizations block known vulnerabilities with a virtual patch while developers work on a permanent fix.