IBM Rational AppScan for testing Web Application Security
Posted by Mark Spenser
With the emergence of Web 2.0, improved information sharing through social networking and the growing adoption of the World Wide Web as a means of doing business and delivering services, websites are now often attacked directly. Attackers either attempt to reach the corporate network behind the site or target the end users visiting it, for example by subjecting them to drive-by downloads. As a result, industry is paying increased attention to the security of web applications, in addition to the security of the underlying network and operating systems.
The majority of web application attacks happen through Cross-Site Scripting (XSS) and SQL Injection, which typically result from flawed coding and, in particular, failure to sanitize input to and output from the web application. While security ultimately rests on people and processes, there are a number of technical solutions to consider when designing, building and testing secure web applications.
At a high level, these solutions include:
- Black box testing tools such as web application scanners, vulnerability scanners and penetration testing software
- White box testing tools such as static source code analyzers
- Fuzzing tools used for input testing
- Web Application Firewalls (WAF), which offer firewall-type protection at the web application layer
- Password cracking tools for testing password strength and policy
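The point above about failing to sanitize input and output is easiest to see side by side. The following is an added example, not code from the article or from IBM Rational AppScan: a constructed in-memory SQLite user table, a lookup built by string concatenation next to its parameterized form, and an HTML greeting written raw next to one that escapes on output. The table contents and the probe string are constructed for illustration.

```python
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The query text is assembled by concatenation, so the caller's input
    # becomes part of the SQL statement rather than a value compared by it.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the driver sends the value separately from the
    # statement, so it can only ever be treated as data.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name: str) -> str:
    # Output is written into HTML untouched; a name containing markup becomes markup.
    return "<p>Hello " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    # Escape on output so the browser renders the text instead of interpreting it.
    return "<p>Hello " + html.escape(name) + "</p>"


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed input that turns the WHERE clause into a tautology
    print(lookup_vulnerable(db, probe))  # both rows: the filter was bypassed
    print(lookup_safe(db, probe))        # []: the string is compared as a literal name
    print(render_greeting_vulnerable("<b>guest</b>"))
    print(render_greeting_safe("<b>guest</b>"))
```

A scanner in the black box category above detects exactly this difference by sending such probes and comparing responses; the fix is the parameterized query and output escaping, not input filtering alone.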
IBM recently announced its new security scanning software, IBM Rational AppScan, the result of IBM's acquisition of Watchfire, a web security company, in July 2007. IBM Rational AppScan has become part of the IBM suite of services offered to its present and upcoming clients, and with this product IBM is eager to close the gap with its competitors in software and application development. IBM Rational AppScan is in its first version and is currently available for consumer and business use. The software is IBM's response to the growing demand for security scanning software that can handle complex code and mash-ups.
Until now, the result has been tedious scanning that covers only a single application rather than the process as a whole; IBM Rational AppScan will hopefully fill that void. With so many websites using mash-ups, everyone is vulnerable to attack if prevention is not properly implemented. The timely release of IBM Rational AppScan could serve as a reference point for other developers of web application security software.
Web application security has traditionally been the domain of security experts, but that alone is not enough to keep pace with the needs of business processes in companies today. The addition of IBM Rational AppScan will help users save time and money by bringing web application security testing much earlier into the software lifecycle.
PLAVEB recognizes the importance of a good night’s rest. Sleep well knowing PLAVEB built your web application system securely.