Securing a Web App at the Last Minute

Article Description

While consumers and the media are increasingly aware of the risks that web apps pose to confidential information, firms still tend to focus on development, leaving data security until just before the go-live date. Ajay Gupta points out that last-minute steps are available to improve the security of your apps before launching them onto the Internet.


In this example, the hosting provider had informed the application developer that the provider would implement the Snort IDS; however, the provider had not done so by the time of the security review, which was just before the go-live date. If it wasn't in place by then, there was a very good chance that it wouldn't be in place when the application went live. The moral is that, while we'd like to believe what hosting providers tell us, "the proof is in the pudding," as my tenth-grade English teacher used to say. We need to push our providers on these points and verify that they actually deploy the security measures they promise.

Even if you have just a little time left before deployment, you can still take steps to improve security. This approach isn't ideal—security should be built in from the beginning—but conducting a security assessment at any point offers some value. In this instance, the client was able to push the hosting provider to install an intrusion-detection system with specific rules meeting the client's needs, as another layer of defense against the identified vulnerabilities.

One final comment on security: To become accepted and integrated, cyber security cannot remain an obstacle to business operations. It needs to be a means of enabling the operations of a business. It's security's role—and the role of the security officer—to find a way to allow operations to go forward, and even to streamline operations in a way that allows them to be safe.