The ever-expanding number of mobile users running web apps has raised the profile of the IT security staff at Chapman University in Orange, Calif. Today, students use web browsers on mobile devices to access event calendars, check bus schedules, view grades, read assignments and participate in discussions.
Todd Plesco, the university’s director of information security, says IT security’s role will only expand as the college deploys a web-based version of Oracle PeopleSoft. The new enterprise resource planning system lets faculty and staff access human resources, finance and student record information via web browsers.
Keeping these web apps secure requires multiple layers of defense, and Plesco says penetration testing serves as the first layer. The IT staff also bolsters security with Fortinet’s FortiGate web application firewall, a product that complements the university’s mix of Fortinet firewalls for its existing network.
“We know that as we add more web applications, we will have to step up security. We’re taking it one step at a time,” Plesco says, adding that while penetration testing is still done manually, the university may switch to a commercial tool sometime soon.
Jeff Wilson, principal analyst with Infonetics Research, says there are many reasons why colleges and universities should make securing web applications a top priority. Mobile versions of web apps are yet another stream of code that must be maintained, managed and checked for vulnerabilities.
“Custom code, or simply poor coding that leaves vulnerabilities in the code during development, can cause real security problems,” Wilson says.
“If you have the right tools and can get at the code to fix the problems, you’ll be in pretty good shape. But if you don’t have access to the code because the application was outsourced or built on a platform where you are at the mercy of the platform developer, it’s more difficult to find and fix vulnerabilities,” he adds.
At Carnegie Mellon University in Pittsburgh, development and testing of web applications takes place campuswide.
86%: The percentage of web applications that are vulnerable to an injection attack, where internal databases are accessed through a website. (SOURCE: 2011 Top Cyber Security Risks Report, HP)
“We have IT shops all over campus delivering web-based applications using different technology and tools,” explains Mary Ann Blair, the university’s director of information security.
Because app development is widely distributed across campus, Blair’s staff focuses on publishing security guidelines, providing design consulting and review, hosting training opportunities and conducting penetration testing.
“The goal is to ensure that campus developers are equipped to deploy web apps that can defend against common attacks such as SQL injection, cross-site scripting and cross-site request forgery,” Blair adds.
There are several possible tools that colleges and universities can use to ensure the security of their web apps, including penetration testing and web application firewalls.
Penetration testing tools, such as IBM Rational AppScan and Tenable Network Security’s Nessus ProfessionalFeed, actively try to find vulnerabilities in web apps caused by problems such as cross-site scripting and SQL injection. They work by simulating the methods real attackers might use, but without actually damaging the web application. Typical features of these tools include both static and dynamic testing, content audits (for example, for adult content and personally identifiable information), and the ability to pinpoint specific lines of code causing problems. They are also used for compliance auditing.
Web application firewalls are just that: firewalls that protect web applications. Marketed by providers such as Fortinet, Barracuda Networks, F5 Networks, WatchGuard Technologies and Imperva, these products block threats such as cross-site scripting, SQL injection, buffer overflows, denial of service and cookie poisoning. They can also help organizations comply with the Payment Card Industry Data Security Standard. Other features include load balancing and Secure Sockets Layer offloading and acceleration.
Although these tools are invaluable, there is also great value in old-fashioned ingenuity, says Jeff Wilson, principal analyst at Infonetics.
“Whatever investment you make in web application security, there will still be bugs you miss,” he says. “Consider trying the crowdsourcing approach, like Google does. They pay a bounty to anyone who finds bugs in their code.”
The guides leverage Astadia’s 25+ years of expertise in partnering with organizations to reduce costs, risks and timeframes when migrating their IBM mainframe applications to cloud platforms
BOSTON, August 03, 2022--(BUSINESS WIRE)--Astadia is pleased to announce the release of a new series of Mainframe-to-Cloud reference architecture guides. The documents cover how to refactor IBM mainframe applications to Microsoft Azure, Amazon Web Services (AWS), Google Cloud, and Oracle Cloud Infrastructure (OCI). The documents offer a deep dive into the migration process to all major target cloud platforms using Astadia’s FastTrack software platform and methodology.
As enterprises and government agencies are under pressure to modernize their IT environments and make them more agile, scalable and cost-efficient, refactoring mainframe applications in the cloud is recognized as one of the most efficient and fastest modernization solutions. By making the guides available, Astadia equips business and IT professionals with a step-by-step approach on how to refactor mission-critical business systems and benefit from highly automated code transformation, data conversion and testing to reduce costs, risks and timeframes in mainframe migration projects.
"Understanding all aspects of legacy application modernization and having access to the most performant solutions is crucial to accelerating digital transformation," said Scott G. Silk, Chairman and CEO. "More and more organizations are choosing to refactor mainframe applications to the cloud. These guides are meant to assist their teams in transitioning fast and safely by benefiting from Astadia’s expertise, software tools, partnerships, and technology coverage in mainframe-to-cloud migrations," said Mr. Silk.
The new guides are part of Astadia’s free Mainframe-to-Cloud Modernization series, an ample collection of guides covering various mainframe migration options, technologies, and cloud platforms. The series covers IBM (NYSE:IBM) Mainframes.
In addition to the reference architecture diagrams, these comprehensive guides include various techniques and methodologies that may be used in forming a complete and effective Legacy Modernization plan. The documents analyze the important role of the mainframe platform, and how to preserve previous investments in information systems when transitioning to the cloud.
In each of the IBM Mainframe Reference Architecture white papers, readers will explore:
Benefits, approaches, and challenges of mainframe modernization
Understanding typical IBM Mainframe Architecture
An overview of Azure/AWS/Google Cloud/Oracle Cloud
Detailed diagrams of IBM mappings to Azure/AWS/Google Cloud/Oracle Cloud
How to ensure project success in mainframe modernization
The guides are available for download here:
To access more mainframe modernization resources, visit the Astadia learning center on www.astadia.com.
About Astadia
Astadia is the market-leading software-enabled mainframe migration company, specializing in moving IBM and Unisys mainframe applications and databases to distributed and cloud platforms in unprecedented timeframes. With more than 30 years of experience, and over 300 mainframe migrations completed, enterprises and government organizations choose Astadia for its deep expertise, range of technologies, and the ability to automate complex migrations, as well as testing at scale. Learn more on www.astadia.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20220803005031/en/
Contacts
Wilson Rains, Chief Revenue Officer
Wilson.Rains@astadia.com
+1.877.727.8234