More than 75% of attacks occur at the application level (1). Reported vulnerabilities in major applications have increased by 43% annually over the last 10 years (2).
(2) CERT, Computer Emergency Response Team
Consequently, there is no doubt that a major part of the investment in information security must be devoted to internal applications. This applies not only to strengthening the software development process (which very frequently involves staff external to the company) but also to controlling the execution of that software.
Vulnerabilities can be detected promptly by incorporating automatic source code scanning tools into the development process. At the same time, programmers can be trained in safe coding practices.
Execution is controlled through application firewalls that block transactions not permitted by the previously defined security policy.