Challenges of Web Application Security

Vio Onut
IBM CAS Research / University of Ottawa


In today's market, web application vulnerabilities dominate the enterprise threat landscape. IBM X-Force® research revealed that 43% of all security vulnerabilities last year were related to web applications, with Cross-Site Scripting and SQL Injection vulnerabilities continuing to dominate. To address application security challenges effectively, organizations must test the software and applications across their entire portfolio. To reduce the costs of security, testing and verification must occur as early as possible in the development life cycle. The costs associated with web application security breaches are staggering, bordering on billions of dollars in losses for corporations.

This presentation provides an overview of the methods available to protect organizations against attacks that target web applications, as well as some of the research challenges and solutions available for detecting web application vulnerabilities as early as possible in the life cycle of an application.