Skip naar inhoud

Can a web app ever be truly secure?

Wilt u deze bijdrage aanbevelen? Dat kan via:

Despite the wealth of vulnerability detection tools and practices, there remains a vast array of web application security breaches
Given the devastating consequences of a vulnerability breach – including loss of trust, brand damage and financial sanctions – it is perhaps no surprise how much software security is talked about and worried over.
Secure applications and data privacy are regularly a top-level concern of all organisations, no matter their market sector, size or geography. Barracuda’s State of application security in 2021 report surveyed 750 application security decision-makers representing organisations with 500 or more employees globally from the US, Europe and the Asia Pacific region. It points conclusively to the vulnerabilities of web applications when it comes to the breaches that organisations experience through their software applications.

This is not a surprising outcome given the dominance of web applications and the global transition to remote, online working. But web applications have been a constant source of vulnerability since the early days of the internet. The rise of rich internet applications, paving the way for intuitive, any time, anywhere engagements on any device has exacerbated the situation.

The reality is that web applications present too easy a vulnerability point because of what development teams do – and don’t do. There are too many basic security vulnerabilities because development teams and their security auditors leave themselves wide open. For example, by not covering up the tracks to common folder locations where sensitive information can be obtained, they allow an enterprising hacker to gain easy access.

Disconnects in the security posture between different teams present gaps that can be exploited. For too many organisations, there is still too little sharing of either the security policies or the checklist of common vulnerabilities on which teams are regularly caught out.

We know that the landscape of attack vectors is constantly changing. Barracuda’s survey highlighted bot attacks, API security and software supply chain attacks. But there is a list of golden oldies that continue to be stubbornly prevalent – cross-site scripting, cookie poisoning, session hijacking, credential stuffing and SQL injection, to name but a few.

It is hard not to be critical of the developers of web applications. There are, after all, numerous studies pointing to their culpability in building in or leaving vulnerabilities. Yet, they are aware of the importance of making web applications secure, given that these apps are such a common access point for cyber crimes.

For all those who care about meeting the expectations of clients, whether they are inside or outside the organization, one of your top priorities should be to reduce risk in the web applications you develop.

There are many suppliers that can provide tools and audit services that can take web application security and privacy to a higher order of operation and robustness. The numerous products built on open source support provide cost-effective access. A strong testing regime is essential. This needs to be underwritten by automated support to allow for more effective and faster test coverage.

Two important bodies, the SANS Institute and OWASP, have worldwide recognition in monitoring and providing the leading security checklists for web application design. OWASP has embarked on a secure headers project that delivers HTTP response header descriptions that, if used, will help increase the security of applications.

Behind the need for security education, training, tools and best practices lies a simple fact: continuous checking not only helps to plug the gaps, it also creates an environment for speedy detection and resolution.

Enlightenment comes from knowing that vulnerabilities will always exist because nothing is infallible. Ultimately, giving development and security teams the time and space to regularly check with the right best practices and tools in place will reinforce the security of web applications considerably.

Lees ook:

Na sase komt sse (security service edge)

Security service edge (sse) is de evolutie van het sase-framework van Gartner. Door de letter ‘A’ (voor ’access) te verwijderen, wordt duidelijk dat het netwerk niet langer wordt beschouwd als onderdeel van een beveiligingsoplossing. Het is slechts het mechanisme dat de datastromen naar het security- en controleplatform transporteert.

UK tech has 2.8% gender ‘wage gap’, says Hired

The wage offered to women for tech jobs in the UK is 2.8% less than offered to male counterparts – a larger gap than in the US and Canada, says Hired

HPE bouwt eerste Europese supercomputerfabriek

Hewlett Packard Enterprise (HPE) zet in Tsjechië zijn eerste Europese productielijn voor supercomputers en ai-systemen neer. Elders in de wereld heeft het techbedrijf al drie van zulke fabrieken. De Tsjechische locatie moet de levering aan Europese klanten versnellen en het regionale netwerk van toeleveranciers versterken. Volgens het concern loopt Europa voorop bij de inzet van supercomputers en artificiële intelligentie (ai).

Government won’t regulate on professional cyber standards

The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession

Slimmer datagebruik leidt tot forse efficiency

Bedrijven kunnen zeker tien procent efficiënter werken door slimmer gebruik te maken van de aanwezige informatie in digitale bedrijfsprocessen. ‘Er zit nog veel onbenut potentieel in de informatie uit de systemen’, zegt Remco Dijkman, professor in Information Systems aan de TU Eindhoven. Hij noemt het percentage een voorzichtige inschatting.

EasyComp Zeeland opent nieuwe online megastore EasyComp Shop.

EasyComp Zeeland, een toonaangevende leverancier van allerlei IT en ICT-dienstverlening, heeft vandaag haar nieuwe online megastore EasyComp Shop geopend. Deze one-stop-shop biedt een uitgebreid assortiment producten van wereldberoemde merken tegen scherpe prijzen. Of u nu op zoek bent naar een nieuwe laptop, tablet of smartphone, in de EasyComp Shop vindt u altijd wat u zoekt.

Wilt u deze bijdrage aanbevelen? Dat kan via:

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”