During the 2009 RSA Conference, Cenzic interviewed Jim Porell, Distinguished Engineer at IBM, for our Application Security MythBusters series.

According to Jim, the state of application security today is still not as secure as people think. From PCI to Web Application Firewalls, people want to throw some type of technology at the problem and hope it goes away. However, if the people and processes aren’t working towards a more secure application, then all the technology in the world won’t help them.

Jim’s strong suggestion is to adopt an end-to-end security approach. For example, the application team feels secure, as does the database team, but because attacks pass through multiple layers, vulnerabilities that fall between those teams can still be exploited. So instead of a silo-type approach, you need a higher-level fraud analysis methodology that spans the layers to mitigate risk.

If you have any other questions or topic suggestions about the latest myths out there, send an email to: mythbusters@cenzic.com

by Erin Swanson, Marketing
Eswanson@cenzic.com