Many of the U.S. Air Force’s mission-critical logistics applications, such as its cargo scheduling software, were developed to be used in a closed network environment. But now that the U.S. military is shifting toward greater use of the Internet, there’s heightened concern about making sure Web-based applications don’t get shot down by hackers exploiting software flaws.
“The Department of Defense and the Air Force are moving to a more ‘Net-centric approach,” says Greg Garcia, member of the Senior Executive Service of the U.S. Air Force and Director of the 754th Electronic Systems Group (ESG) based at Maxwell Air Force Base at Gunter Annex, Ala. “Many of our applications in the past were built to be on closed networks. But now we’re being more Web-focused and using commercial-off-the-shelf software to a greater degree.”

This transition is raising concern in military circles that there will be break-in attempts using SQL injection, cross-site scripting or other attack methods to try to throw Web-based logistics systems into disarray.
To defend against that, one step the Air Force is taking is to establish the USAF Application Software Assurance Center of Excellence to define “application security best practices,” Garcia says.
The USAF Application Software Assurance Center, managed by the 754th ESG, will focus on source-code analysis, penetration testing, application shielding and database monitoring procedures.
The 754th ESG also intends to work closely with the 554th ESG, which is responsible for testing IT systems used in combat support. Others responsible for military technology, including the National Security Agency and the Defense Information Systems Agency, are also partners in the project.
Security vendors are being drafted for the project. Cigital, Fortify, Watchfire (acquired by IBM), and Application Security have been tapped under a contract awarded to Telos to help set up the Application Software Assurance Center of Excellence at Maxwell AFB. The two-year award, placed under the larger NETCENTS contract, is valued at a minimum of $10.2 million and a maximum of up to $75 million to provide application-level security products and services.
Garcia says he anticipates a phased plan that will begin with procedures such as analyzing source code for vulnerabilities or wrapping Fortify’s Defender shield around software to protect application code.