During the 80s, war dialing and phone phreaking were the attacks that garnered all the headlines. In the 90s it was all about web defacement and the ubiquitous email virus. The last seven years have given rise to identity data theft and privacy concerns. For the past twenty years, organizations have focused on protecting the network; but in the last ten years it has become clear that the core threat is not, nor really ever was, access to the network. The network is just a means to an end. The threat has always been access to the enterprise's crown jewels: private data and the applications/business functions that interact with that data. This is the Achilles heel of the enterprise today.
In response, a range of application security tools have been developed to support the efforts to secure the enterprise from the threat posed by insecure applications. But in the ever changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important: how, when, and by whom are these tools used most effectively?
