Introduction
The enterprise Web application environment is a fast-evolving,
mission-critical domain consisting of Web, application, and database
servers interconnected by application-level protocols, such as HTTP,
HTTPS and SQL. We call this the Application Sphere.

A typical Application Sphere may consist of hundreds of Web servers
functioning as presentation front-ends. The business logic layer
may be implemented over commercial application servers that are
connected to corporate databases and other Web applications.

The Application Sphere is constantly evolving. New and improved
applications are being developed and deployed. Corporate databases
are extended with new types of information. Users with various roles
and privileges are added with new access rights to critical resources.
All of this change usually occurs without the knowledge of the security
team, making it a particularly challenging domain to secure. An application
security policy that works one day may be blocking legitimate users
the next.

Figure: The Enterprise Application Sphere