Skip naar inhoud

Can a web app ever be truly secure?

Wilt u deze bijdrage aanbevelen? Dat kan via:

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on tumblr
Share on stumbleupon
Share on mix
Share on telegram
Share on pocket
Share on whatsapp
Share on email
Despite the wealth of vulnerability detection tools and practices, there remains a vast array of web application security breaches
Given the devastating consequences of a vulnerability breach – including loss of trust, brand damage and financial sanctions – it is perhaps no surprise how much software security is talked about and worried over.
Secure applications and data privacy are regularly a top-level concern of all organisations, no matter their market sector, size or geography. Barracuda’s State of application security in 2021 report surveyed 750 application security decision-makers representing organisations with 500 or more employees globally from the US, Europe and the Asia Pacific region. It points conclusively to the vulnerabilities of web applications when it comes to the breaches that organisations experience through their software applications.

This is not a surprising outcome given the dominance of web applications and the global transition to remote, online working. But web applications have been a constant source of vulnerability since the early days of the internet. The rise of rich internet applications, paving the way for intuitive, any time, anywhere engagements on any device has exacerbated the situation.

The reality is that web applications present too easy a vulnerability point because of what development teams do – and don’t do. There are too many basic security vulnerabilities because development teams and their security auditors leave themselves wide open. For example, by not covering up the tracks to common folder locations where sensitive information can be obtained, they allow an enterprising hacker to gain easy access.

Disconnects in the security posture between different teams present gaps that can be exploited. For too many organisations, there is still too little sharing of either the security policies or the checklist of common vulnerabilities on which teams are regularly caught out.

We know that the landscape of attack vectors is constantly changing. Barracuda’s survey highlighted bot attacks, API security and software supply chain attacks. But there is a list of golden oldies that continue to be stubbornly prevalent – cross-site scripting, cookie poisoning, session hijacking, credential stuffing and SQL injection, to name but a few.

It is hard not to be critical of the developers of web applications. There are, after all, numerous studies pointing to their culpability in building in or leaving vulnerabilities. Yet, they are aware of the importance of making web applications secure, given that these apps are such a common access point for cyber crimes.

For all those who care about meeting the expectations of clients, whether they are inside or outside the organization, one of your top priorities should be to reduce risk in the web applications you develop.

There are many suppliers that can provide tools and audit services that can take web application security and privacy to a higher order of operation and robustness. The numerous products built on open source support provide cost-effective access. A strong testing regime is essential. This needs to be underwritten by automated support to allow for more effective and faster test coverage.

Two important bodies, the SANS Institute and OWASP, have worldwide recognition in monitoring and providing the leading security checklists for web application design. OWASP has embarked on a secure headers project that delivers HTTP response header descriptions that, if used, will help increase the security of applications.

Behind the need for security education, training, tools and best practices lies a simple fact: continuous checking not only helps to plug the gaps, it also creates an environment for speedy detection and resolution.

Enlightenment comes from knowing that vulnerabilities will always exist because nothing is infallible. Ultimately, giving development and security teams the time and space to regularly check with the right best practices and tools in place will reinforce the security of web applications considerably.

Lees ook:

Speech2Text als basis voor ingesproken zorgrapportages

Bij overheidsinstellingen wordt automatische ondertitelingssoftware al veelvuldig ingezet voor de verslaglegging van raadsvergaderingen. Tijdens de vergadering wordt spraak direct omgezet naar tekst, waardoor de vergadering automatisch en direct ondertiteld wordt.

Germany and Austria implement repair bonuses

How do we make repair less expensive and therefore more attractive? In Austria and the German state of Thuringia, people can now be partially reimbursed when repairing a product thanks to a repair bonus.

China trekt teugels techbedrijven verder aan

China heeft haar greep op de technologiesector opnieuw verstevigd. Vanmorgen maakte de regering in Beijing een aantal maatregelen bekend die oneerlijke concurrentie moeten tegengaan. Ook het bewerken van persoonsgegevens en andere kritieke data wordt aan banden gelegd, evenals de toepassing van kunstmatige intelligentie en algoritmes.

Dataschrapers, wie doet ze wat?

Persoonsgegevens achterlaten op een sociaal platform is onderdeel van het spel, en iedereen kan goed inschatten waar het verstandig is dit wel te doen en waar vooral niet. Toch lagen kwamen onlangs miljoenen persoonsgegevens op straat te liggen. Niet via hacks, maar via scrapes.

OldFlix: We bewaren oude films en series en presenteren ze: In een Netflix-achtige methode, maar gratis!

Wie kent ze niet, Charlie Chaplin, Dallas Dolls, Philips met hun nieuwe spectaculaire uitvindingen tot de spannende avonturen van de jeugddetective Q & Q. Maar waar kijkt u ze? Vanaf

Wilt u deze bijdrage aanbevelen? Dat kan via:

Share on facebook
Share on twitter
Share on linkedin
Share on google
Share on reddit
Share on tumblr
Share on stumbleupon
Share on mix
Share on telegram
Share on pocket
Share on whatsapp
Share on email

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”