Is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL .

Many companies are just now beginning to realize the importance of web application security. Some are learning the hard way. Most veteran security professionals are aware of common UNIX applications that have been historically vulnerable such as versions of BIND/DNS, FTP, Send mail and Apache Web Server. The most predominant business applications being deployed in these instances is email and web services. Since these types of applications are employed to purposely facilitate bidirectional communications most perimeter firewalls are configured to allow data to pass through without much inspection of the payload .