Chapter 6. Mitigating Web Site Risks, Threats, and Vulnerabilities

PERIMETER NETWORK SOLUTIONS—firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and demilitarized zones (DMZs)—are all needed for network security, but they manage only part of the risk. Today's networks require much more than perimeter security. Internal services such as e-mail, File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), and Telnet operate 24/7 and are a security battleground. These protocols and Web applications form the basis of the modern business economy, and that makes them a target for hackers.

In some respects, managing Web application security is more difficult than other traditional network areas. Among the many facets ...

Get Security Strategies in Web Applications and Social Networking now with the O’Reilly learning platform.
