Hackers on the Internet have evolved from fame-hungry sabotage to fraud to profitable organized data and identity theft. As this evolution continues, it is important for business leaders to consider the security of their Web applications as a vital performance indicator of the success of their business.
In this IBM® Redguide™ publication, we explain how your organization can evaluate its risk for hackers entering into your systems. We also explain how your organization can implement security testing and integrate solutions to improve security and protect your information assets.
In the first part of this Redguide publication, we discuss how to evaluate the risk that your organization is exposed to. We explain why your organization is the target of attacks and who is behind them. We illustrate the impact that successful attacks can have on your organization. We show the latest trends and statistics in Web application vulnerabilities and the underground trade of stolen information. We give a technical overview of the areas where your application can be attacked and discuss the two most common Web application vulnerabilities.
In the next part of this Redguide publication, we introduce the software development life cycle of Web applications and illustrate how security fits into this life cycle. We provide a step-by-step approach to integrating Web application security testing into your software development life cycle. We also show how and where you can use IBM Rational® products in your software development life cycle to improve the security of your organization based on your business needs.
We conclude this guide with a business scenario in which an organization without any Web application security testing gradually transforms into an organization that delivers high quality secure products.
Table of contents
Uncovering the basics of IT attack patterns and their effect on your organization
Pinpointing Web application weaknesses
Protecting your Web applications from attacks
Business scenario: A step-by-step approach to Web application security