IBM Rational appscan Enterprise Edition Enterprise Web Application Security, part 1th

Introduction to Enterprise-class Web application security solutions and its characteristics

Introduction: This article is divided into two parts, the first part will start with the evolution of the WEB Application security solution, explore the development of the solution, and analyze the enterprise-class solution and its characteristic which is called "the Strategic Method" in the article. In the second section, you will start with the roles of developers, security administrators, managers, The convenience, uniformity and other advantages brought by the use of a unified management platform to the safety management of the enterprise are presented in the form of examples.

Objective

In recent years, with the popularization of Web applications, enterprises are scrambling to provide a web platform, or as a gateway to the dissemination of information, to expand the visibility of the enterprise, or some or even all of the business on the Internet, to attract more customers, increase the profits of enterprises. With the external window, in attracting the vast number of users at the same time, corporate WEB applications have been frequently frequented by hackers. Since 2006, many famous websites have been attacked by hackers, from the government websites that publish information, to various operators ' websites, and even to the bank websites of online transactions, which are difficult to escape. Although most hackers just to show their sense of achievement, left "to this trip" on the site, but for the important data on the Web application of enterprises, their system security, product quality and even the qualifications of enterprises are seriously questioned.

It is fortunate that most companies are now aware of the importance of WEB application security, and they are exploring and seeking solutions that help companies build secure applications, and some of them are thinking more deeply about how to apply security, and how to ensure their web in the entire lifecycle of software development Security of application?

The evolution of WEB application Security Solutions

Our understanding of everything is a process that has never been consciously conscious, aware of it, and applied security. Figure 1 is a good illustration of the evolution of the WEB application security solution.

1, in the early years, the development of applications (including WEB applications), people generally value its function, performance, accessibility, and so on, and because of the number of hackers, the network is not widely popular, the internet conditions, and other factors, the application of security does not show its harmfulness. As a result, security has not been included in the system quality assessment for quite a long time. Here, we call it the "unconscious" period.

Figure 1 WEB Application Security solution evolution