I am facing an interesting issue. In my enterprise, I am responsible for Network Security - Firewalls, IPS, HIPS, Proxy etc. Suppose some web site is built in SharePoint or ASP and has development issues: not having input parameter validation, credentials stored in clear text, permissions not assigned properly for pages that need not be served to anonymous users. This can happen mainly because developers look at the functionality of the application, and do not carefully consider how to secure it.
My problem is who should be responsible for this at the policy level - the application developer or the network security team. Can I prevent these issues with Network IPS or Host IPS running on the web servers?
What are the actual solutions for these types of issues?
I would appreciate your thoughts.