Improving Web Security by Working With What You’ve Got
As I wrote in a previous post, we’re in the era of cutting back – if not completely eliminating – all non-essential expenditures. The thing is, what may seem to be non-essential to management may actually be essential to the business. There could just be a disconnect — or communication breakdown — between you, your team, and the managers ultimately making the decisions. Politics and opinions aside, you have to think creatively about how you can make small improvements in Web application security across numerous areas of the business if you’re going to move your Web security program forward.
How can you do this? You need to prove that you’re thoughtful and careful about money and that the decisions you’re making regarding Web security are in the best interests of the business. You can be frugal and show management that you’re willing and able to cut back, deal with what you’ve got, and find ways to make things work better that may have been overlooked in the past. For example, one thing I see quite often is network administrators and security managers not taking advantage of Web security