Internet-facing systems represent significant opportunity as well as risk to any organization using them. They help meet customer and competitive needs, but they also provide a primary avenue for attackers to evade protective system barriers. Once an attack has exploited a vulnerability in a Web application, the application's server loses its reliability, subjects data to compromise or destruction, and can become a base for launching attacks against other systems within the organization's network or against other Internet systems.
This guide provides information needed to identify, measure, remediate, and manage specific security vulnerabilities in online systems. It identifies the source of the problem, recommends specific techniques to assess the extent and severity of the problem, and explains how the control environment can be structured to manage software security risks efficiently within the organization's risk appetite.
