The past few years have seen a tremendous increase in the number and severity of successful attacks aimed at the application layer. In fact, recent studies indicate that attacks on the application layer are growing by more than 25 percent annually (Akamai Q3 2015 State of the Internet - Security Report).
The news headlines are filled with stories about these breaches. From Target to JPMorgan Chase to TalkTalk, every breach is covered in dramatic detail. Yet, although we hear a lot about application-layer breaches, we rarely hear about the solution -- application security. Why? Maybe because the “why” and the “who ” of security breaches make more dramatic headlines and are easier for most people to understand. Delving into the “how” is more complex, and not such good headline fodder.
And not only is application security not in the headlines, most organizations are not spending time or money on it (hence the breaches!). One reason is that application security is simply misunderstood. In many cases, the traditional, on-premises tools-based approach to application security has fostered the misconception that application security programs are expensive and difficult to manage. But as the breaches continue, and the financial and brand damage add up, organizations need to clearly understand application security, and how to implement it.
Our “What Is Application Security?” information sheet is a good place to start. It will help you understand exactly what AppSec is, why it’s important and how you should approach it.