As digitalisation has progressed, many businesses have made customer portals, CRM systems or other important ERP systems for central applications accessible externally, and have even installed them on public infrastructure so that customers and employees can use them. This places huge pressure on security and protection against vulnerabilities. Generally speaking, application security is all about secure access to web applications and the need to prevent them from being disabled or compromised.
According to the BSI, many companies normally suffer multi-vector attacks that slip in under the radar. Applications such as the accounting system and web shop are often specifically targeted by attackers to gain access to the network, other applications and data through incorrectly programmed code. In many cases, it’s no longer enough to rely on classic protection for the network and data centre.
It is necessary that the code for these applications is written without any security vulnerabilities and that the applications themselves are scalable.
On top of penetration tests and regular vulnerability scans for known and unknown vulnerabilities, from both outside and inside, an application security concept also includes the use of modern web application firewalls or multi-factor authentication for secure access to web applications.
The technology, a web application firewall, secures the individual applications without them having to be changed. Unlike standard firewalls, it analyses the data at application level.
A web application firewall therefore evaluates all incoming and outgoing requests to a web server and blocks suspicious connections. As it does so, the firewall learns typical behaviours in order to distinguish between normal and malicious use of the application, for example a request that sends invalid parameters to the database using SQL.
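The learning behaviour described above, sketched as an added example (not code from the original page or from any WAF product): a profile learns the shape of each query parameter from normal requests and reports requests that deviate from it. The class and function names, the shape categories, the length threshold and all sample URLs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

def shape(value):
    """Reduce a parameter value to a coarse character-class signature."""
    if re.fullmatch(r"\d+", value):
        return "digits"
    if re.fullmatch(r"[A-Za-z0-9_-]+", value):
        return "token"
    if re.fullmatch(r"[\w .,@-]+", value):
        return "text"
    return "other"  # quotes, '=', ';' and similar characters end up here

class LearnedProfile:
    def __init__(self):
        # Keyed by (path, parameter name); filled during the learning phase.
        self.shapes = defaultdict(set)
        self.max_len = defaultdict(int)

    def learn(self, url):
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            key = (parts.path, name)
            self.shapes[key].add(shape(value))
            self.max_len[key] = max(self.max_len[key], len(value))

    def check(self, url):
        """Return the reasons a request deviates from learned behaviour."""
        parts = urlsplit(url)
        findings = []
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            key = (parts.path, name)
            if key not in self.shapes:
                findings.append(f"{name}: unknown parameter")
            elif shape(value) not in self.shapes[key]:
                findings.append(f"{name}: unexpected shape {shape(value)}")
            elif len(value) > 2 * self.max_len[key]:  # threshold is an assumption
                findings.append(f"{name}: unusually long")
        return findings

# Constructed sample traffic: normal requests seen while learning.
TRAINING = ["/shop/item?id=1042&lang=en", "/shop/item?id=7&lang=de",
            "/shop/item?id=99311&lang=fr"]
# Constructed request whose id parameter carries SQL syntax instead of a number.
SUSPICIOUS = "/shop/item?id=15%27%20OR%20%271%27%3D%271&lang=en"

def build_profile(urls=TRAINING):
    profile = LearnedProfile()
    for url in urls:
        profile.learn(url)
    return profile
```

Calling `build_profile().check(SUSPICIOUS)` reports the `id` parameter because its decoded value no longer matches the digits-only shape learned from normal traffic, while an ordinary request returns an empty list.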