While enterprises focus their attention on securing networks with antivirus, intrusion detection, and firewall software, analysts warn that many companies may not be paying enough attention to the security of their Web applications.

Gartner analyst John Pescatore estimates that 75% of attacks against Web servers are entering through applications and not at the network level. And, adds Pescatore, when a company makes even subtle changes on its Web sites and applications, new vulnerabilities can arise.

New software tools are beginning to arrive to help companies make sure their Web applications are secure. This week, Web application control and security company Sanctum Inc. unveiled an upgrade to its AppScan. AppScan 2.0 automates application security auditing, scanning applications from a hacker's perspective, detecting specific vulnerabilities, and providing potential fixes and patches.

And security software maker SPI Dynamics Inc. has unveiled WebInspect, which detects holes in Web applications as it scans for vulnerabilities.