April 19, 2005
As the frequent release of patches and security fixes from Microsoft reminds us, not even the largest software producers are immune to Internet hacker attacks.
Of course, Microsoft has become more security-oriented over the years, and is approaching ongoing product development with security right at the top of the priority list.
But don't let this blind you to what could be an inherent weakness of most application providers, says Vik Desai, CEO of Kavado.
"They develop and build the most efficient software, but they're not security experts," he says. "And vendors are not issuing enough patches in time."
Desai's talking about application (rather than network) security, which by its very nature can be a weak point.
"Apps are continuously improved and enhanced," Desai notes. "Lots of hands are touching them, and potential new vulnerabilities are being exposed."
Kavado's approach to this problem is to provide software that knows what inputs are valid, and rejects everything else.
For example, hackers can remove information from a database by typing commands directly into text fields that pop up in Web-based applications.
Kavado would prevent the transmission of such commands; for that matter, it could also be configured not to release specific data items -- say, social security numbers -- from databases.
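A minimal illustration of the positive security model the article describes, written as an added example rather than Kavado's own code: each form field has an allowlist pattern and anything that does not match is rejected, and an egress filter strips Social Security numbers from outgoing responses. The field names, patterns and sample values below are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Positive security model: each form field declares the ONLY shape of value it
# may carry. Anything else is rejected, so no signature of the attack is needed.
# (Hypothetical schema for a CRM lookup form.)
FIELD_RULES: Dict[str, re.Pattern] = {
    "customer_id": re.compile(r"[0-9]{1,10}"),
    "last_name":   re.compile(r"[A-Za-z][A-Za-z' -]{0,49}"),
    "email":       re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}


def validate_request(fields: Dict[str, str]) -> List[str]:
    """Return the names of fields that fail the allowlist.

    Fields the application never declared are rejected as well: there is
    no valid value for a parameter nobody expected.
    """
    rejected = []
    for name, value in fields.items():
        rule = FIELD_RULES.get(name)
        if rule is None or rule.fullmatch(value) is None:
            rejected.append(name)
    return rejected


# Egress rule: a US Social Security number must never leave the database
# through this application, so response bodies are scanned and redacted.
SSN_PATTERN = re.compile(r"\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b")


def filter_response(body: str) -> Tuple[str, int]:
    """Redact SSN-shaped values in an outgoing response; return (body, count)."""
    return SSN_PATTERN.subn("[REDACTED-SSN]", body)


if __name__ == "__main__":
    # Constructed sample requests: one clean, one with a non-numeric value in a
    # field that only accepts an id, plus a parameter the form never declared.
    good = {"customer_id": "42", "last_name": "O'Brien", "email": "a@example.com"}
    bad = {"customer_id": "42 OR 1=1", "last_name": "O'Brien", "debug": "1"}
    print(validate_request(good))   # []
    print(validate_request(bad))    # ['customer_id', 'debug']
    # Constructed sample response from a record lookup.
    body = "name=Jane Doe; ssn=123-45-6789; phone=555-0100"
    print(filter_response(body))    # ('name=Jane Doe; ssn=[REDACTED-SSN]; phone=555-0100', 1)
```

Because the model is an allowlist, the request filter rejects the non-numeric `customer_id` without recognising what the extra text is; that is the property the article attributes to Kavado's approach.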
With security on everyone's mind, Desai says that some of Kavado's 200 customers have turned to the company to provide protection directly on the operations side, where security mistakes hurt the bottom line.
Of course, a thorough security strategy would address application security back in the development stage, and some customers are taking that view as well.
Kavado works by crawling through an application -- say, a customer relationship management (CRM) system -- and looking for security holes. Its firewall then enforces rules designed to plug the holes that the crawl exposed.
Kavado's proposition should alert e-business customers and prospects to the issue of application security, something for which vendors should be called to account during any sales, implementation, or upgrade cycle.