December 1

IT Security Five Minute Fast Fact: Network vs Application Protection

By David Stern

The proliferation of web-based applications has added a new element to perimeter protection. 99% of firewall functionality is geared towards allowing or blocking network packets; it is now just as critical to control the payload of those packets. Five years ago, adversaries primarily attacked unprotected servers. Today, they attack the application itself using nothing more than the HTTP port the firewall already allows. This is akin to putting a weak gate in an imposing fortress wall. These “layer 7” or application-layer attacks exploit weaknesses in OS patching, service configuration, and poor programming practices. The Open Web Application Security Project (OWASP) has been researching and educating the community on these weaknesses for many years. Standard practices such as OS hardening, effective patch management, a security development life cycle, and application security assessments are usually enough to protect most applications. For more critical applications such as EDI and e-commerce, there are a number of solutions that inspect incoming traffic at layer 7 and block accordingly. For IT security professionals, it’s no longer about which packets to allow; it’s about what’s in them.
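To make the distinction concrete, here is an added illustration (not code from the original post) of the two decisions side by side: a layer 3/4 filter that sees nothing but the destination port, and a layer 7 step that parses the HTTP request the firewall has already let through and applies content rules to it. The policies, the `Packet` type, the parser and the sample requests are all hypothetical and constructed for the demo.

```python
"""Port-based packet filtering versus layer-7 (HTTP) inspection.

Added illustration for this post; hypothetical code, not from the original
article. The policies, packets and parser below are constructed for the demo.
"""
from dataclasses import dataclass

# Constructed network policy: only the web ports may reach the server.
ALLOWED_PORTS = {80, 443}

# Constructed layer-7 policy: an allow-list of methods and URL path prefixes,
# plus a few structural checks on the request itself.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_PATH_PREFIXES = ("/catalog/", "/checkout/", "/static/")
MAX_BODY_BYTES = 8192


@dataclass
class Packet:
    dst_port: int
    payload: bytes  # application data carried by the packet


def network_filter(pkt: Packet) -> bool:
    """Layer 3/4 decision: the only thing inspected is the destination port."""
    return pkt.dst_port in ALLOWED_PORTS


def parse_http_request(payload: bytes):
    """Minimal HTTP/1.x parser returning (method, target, headers, body).

    Raises ValueError on anything that is not a well-formed request head.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def application_filter(pkt: Packet) -> tuple[bool, str]:
    """Layer 7 decision: parse the HTTP payload and apply content rules.

    Returns (allowed, reason) so the caller can log why a request was refused.
    """
    try:
        method, target, headers, body = parse_http_request(pkt.payload)
    except ValueError as exc:
        return False, f"malformed request: {exc}"
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    path = target.split("?", 1)[0]
    # Refuse traversal sequences before the prefix check, so that a path
    # starting with an allowed prefix cannot escape it.
    if ".." in path or "%2e" in path.lower():
        return False, "traversal sequence in path"
    if path != "/" and not path.startswith(ALLOWED_PATH_PREFIXES):
        return False, f"path {path} not in allow-list"
    try:
        declared = int(headers.get("content-length", "0"))
    except ValueError:
        return False, "bad content-length"
    if max(declared, len(body)) > MAX_BODY_BYTES:
        return False, "body too large"
    return True, "ok"


def inspect(pkt: Packet) -> dict:
    """Run both layers and report what each would do with the packet."""
    net_ok = network_filter(pkt)
    if not net_ok:
        return {"network": False, "application": False, "reason": "dropped at layer 4"}
    app_ok, reason = application_filter(pkt)
    return {"network": True, "application": app_ok, "reason": reason}


# Constructed sample traffic (hypothetical host name).
SAMPLES = {
    "benign": Packet(80, b"GET /catalog/item?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "wrong_port": Packet(23, b"GET /catalog/ HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "traversal": Packet(80, b"GET /static/../../etc/passwd HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "bad_method": Packet(443, b"TRACE / HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:11s} {inspect(pkt)}")
```

The `traversal` and `bad_method` samples are the point of the post: the port filter passes both of them unchanged, and only the layer 7 step has enough context to refuse them. A production inspection layer would also normalise percent-encoding and path segments before matching rather than looking at the raw target as this demo does.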



  1. Great points in a quick post.
    For those who are not familiar with OWASP: it’s now mentioned in the Payment Card Industry (PCI) Data Security Standard (DSS) v. 1.1. Its web site is http://www.owasp.org.
    I still encounter a number of organizations that develop web applications that don’t know about OWASP.
