Managing Application Security in Business Processes
Business-process automation
VeriSign | 21 January 2007, 16:00 | Prevention (anti-spam, firewalls, IDS, etc.)
Today, no division of labor exists between the tasks for which applications and people are responsible. Instead, human auditors and applications work in concert to manage business processes and the Web servers, databases, and middleware on which they depend. However, many of these applications, especially Web-based ones, are rife with vulnerabilities, ranging from SQL injection to cross-site scripting. Even the platforms they run on are far more vulnerable than their predecessors: mainframes and leased-line transfers. As a result, although applications help expedite business processes, they also expose organizations to a considerable amount of security risk compared with human auditors.
Ensuring the correct functioning of these applications and, by extension, the business processes they support has become crucial to an enterprise’s success, and managing application vulnerabilities has thereby grown vastly in importance. This paper will clarify the issue of application vulnerability management and provide high-level strategies to mitigate the risks those vulnerabilities pose to business processes.


