Understanding what web applications your organization has in its inventory is very important. Early in this chapter, we discussed the importance of developing a complete inventory so that we could better protect our environment. It will be very difficult to maintain an effective application security program without having detailed knowledge of the applications implemented throughout your organization. You should strive to answer questions such as:

• How many total applications are in the organization?
• What programming languages do they use?
• What tier architecture do they use?
• Where are they located within the enterprise infrastructure?
• Who manages the applications?
• What is the purpose of the applications?

Make sure that you gather as much information about the applications as you can so that you have the details needed to go back to the responsible parties when it the time comes to discuss information security issues.