Can a web app ever be truly secure?

Despite the wealth of vulnerability detection tools and practices, there remains a vast array of web application security breaches
Given the devastating consequences of a vulnerability breach – including loss of trust, brand damage and financial sanctions – it is perhaps no surprise how much software security is talked about and worried over.
Secure applications and data privacy are regularly a top-level concern of all organisations, no matter their market sector, size or geography. Barracuda’s State of application security in 2021 report surveyed 750 application security decision-makers representing organisations with 500 or more employees globally from the US, Europe and the Asia Pacific region. It points conclusively to the vulnerabilities of web applications when it comes to the breaches that organisations experience through their software applications.

This is not a surprising outcome given the dominance of web applications and the global transition to remote, online working. But web applications have been a constant source of vulnerability since the early days of the internet. The rise of rich internet applications, paving the way for intuitive, any time, anywhere engagements on any device has exacerbated the situation.

The reality is that web applications present too easy a vulnerability point because of what development teams do – and don’t do. There are too many basic security vulnerabilities because development teams and their security auditors leave themselves wide open. For example, by not covering up the tracks to common folder locations where sensitive information can be obtained, they allow an enterprising hacker to gain easy access.

Disconnects in the security posture between different teams present gaps that can be exploited. For too many organisations, there is still too little sharing of either the security policies or the checklist of common vulnerabilities on which teams are regularly caught out.

We know that the landscape of attack vectors is constantly changing. Barracuda’s survey highlighted bot attacks, API security and software supply chain attacks. But there is a list of golden oldies that continue to be stubbornly prevalent – cross-site scripting, cookie poisoning, session hijacking, credential stuffing and SQL injection, to name but a few.

It is hard not to be critical of the developers of web applications. There are, after all, numerous studies pointing to their culpability in building in or leaving vulnerabilities. Yet, they are aware of the importance of making web applications secure, given that these apps are such a common access point for cyber crimes.

For all those who care about meeting the expectations of clients, whether they are inside or outside the organization, one of your top priorities should be to reduce risk in the web applications you develop.

There are many suppliers that can provide tools and audit services that can take web application security and privacy to a higher order of operation and robustness. The numerous products built on open source support provide cost-effective access. A strong testing regime is essential. This needs to be underwritten by automated support to allow for more effective and faster test coverage.

Two important bodies, the SANS Institute and OWASP, have worldwide recognition in monitoring and providing the leading security checklists for web application design. OWASP has embarked on a secure headers project that delivers HTTP response header descriptions that, if used, will help increase the security of applications.

Behind the need for security education, training, tools and best practices lies a simple fact: continuous checking not only helps to plug the gaps, it also creates an environment for speedy detection and resolution.

Enlightenment comes from knowing that vulnerabilities will always exist because nothing is infallible. Ultimately, giving development and security teams the time and space to regularly check with the right best practices and tools in place will reinforce the security of web applications considerably.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses artificial intelligence and machine learning to reduce spam. See how your comment data is processed.

Related posts


The Rise of the Underground Offline World: Digital Smuggling Networks

Discover how digital smuggling networks around the world provide uncensored access to the digital world in areas where internet restrictions and censorship are in place. This article highlights the phenomenon of offline internet and illustrates it through examples such as the Cuban “paquete semanal” and the Havana Street Network.

Read more

This significantly extends the lifespan of your phone battery.

How long do you typically use an Apple or Samsung smartphone? Often, the contracts that come with such devices run for two years, after which you have the option to enter into a new contract with a device. This is a waste and far from sustainable; the device is typically still in good condition after two years. Only the phone's battery will typically have decreased in quality after two years. This does not mean that you have to replace the entire device; simply replacing the battery of your Samsung phone may be sufficient to keep going for some time. Not only is this sustainable, but it is also more cost-effective! Battery replacement can start from 30 euros, depending on the Samsung model you have.

Read more

The mystery of the gold pins: Why do cables and connectors have so many contacts?

Have you ever noticed that cables and connectors, such as USB sticks, HDMI cables, and graphics cards, have a large number of gold contacts? But why are so many needed? In this blog, we delve deeper into the reasons behind all these contacts and explain why they are crucial for electronic devices. Read on to discover more about the functions and significance of these mysterious gold pins.

Read more
  • Tags

  • Categories

  • Archives