Application Security, Essay Example

There are numerous vulnerability assessment tools available in the market. However, top of the list tools that are rated high in functionality, performance and ease of use are GFI languard vulnerability scanner and Lumension scan. The cost of GFI languard starts from $32 per IP for 10 to 24 IP addresses and Lumension scan costs upto $8 per node per year. However, there are free vulnerability assessments tools available on the Internet such as Ecora Net Explorer that is a free discovery and port scanning utility available for free download (Ecora offers free vulnerability assessment tool.2003). Moreover, one more open source tool freely available named as Network mapper (Nmap) is used for auditing networks and operates on most platforms (Nmap.2011). These tools provide structural changes as patches are implemented on distributed servers from multiple locations. Moreover, managing weaknesses for physical and logical assets, these tools provide accessibility for managing virtual environments of the organization. Patch management cannot be considered as a general process for updating security patches on operating systems that are vulnerable. It is a multi-dimensional function that comprises of many vital components that contributes to the process itself (GERACE & CAVUSOGLU, 2009). Likewise, the patch management process along with reboot control provides, customized flagging and queuing various patches. For mitigating application security risks, patch management is essential. However, testing of patches is critical before implementing them in the live environment. Moreover, compensatory controls are also required for situations where a threat is identified and the manufacturer takes time to deliver patches. Patch management tools provides ease of delivering multiple patches to required machines on the network in a single process. However, the patch update process is addressed by the subscription process that ensures the availability, identification and announcement of the newly available patches for newly identified vulnerabilities affecting the servers and applications. Likewise, organizations adopt best practices to adopt patch management techniques. For instance, a cost effective method for a client side application is called as ‘standard build’ for workstations and laptops. Likewise, this method addresses the needs of enterprise wide systems along with ensuring overall system security. Moreover, it minimizes the cost and time by eliminating frequent vendor alerts for newly available patches and test patches prior to deployment. Although, the task becomes more complex if several platforms are operational, as testing patches will require a great deal of time and resources. Another method of deploying patch management is an automated approach that is accomplished by tools. These tools push different patches from different vendors to dissimilar platforms and applications from a centralized point. One of the tools that cater patches from a centralized location is Secunia’s Corporate Software Inspector (CSI) (SAVAGE, 2011). This tool comprises of a dedicated scanning engine called as a CSI agent, which can be remotely accessed for scanning all network segments, applications and devices (SAVAGE, 2011). However, the pitfalls for security patch management are addressed by adequate policies, procedures, required resources and efficient tools to identify and monitor vulnerabilities along with proper reporting for remediation (GERACE & CAVUSOGLU, 2009).

References

Ecora offers free vulnerability assessment tool.(2003). Computer Security Update, , 2. GERACE, T., & CAVUSOGLU, H. (2009). The critical elements of the patch management process. Communications of the ACM, 52(8), 117-121.

Lumension scan.(2011). SC Magazine: For IT Security Professionals (15476693), 22(2), 56-56.

Nmap.(2011). Computer Desktop Encyclopedia, , 1..

SAVAGE, M. (2011). Managing client-side security with patch management best practices. Information Security, 13(2), 4-8.