Companies are producing more applications today than ever before, and with this increased production comes increased risk. Many enterprises recognize the need for application security but aren’t making it a priority. This is usually because application security is mistakenly seen as an overly complex and expensive endeavor.
What those responsible for securing the applications at their organizations need is a way to immediately demonstrate the benefits of application security. To reduce risk and demonstrate the benefit to the organization, the application security manager should focus on an area that will be highly visible – and no area of application security is more suited to this task than web application security.
According to the Verizon Data Breach Investigations Report, web application attacks remain one of the most frequent patterns confirmed in breaches and account for up to 35 percent of breaches in some industries. Why do so many breaches originate from web applications? To start, they are the connection point between the enterprise and the outside world. It is how customers order goods, manage accounts, update appointments or even transfer funds. Add in the fact that applications written in web scripting languages are the most susceptible to easily exploitable vulnerabilities like SQLi or XSS, and you have a recipe for a breach.
Securing web applications can be a quick win for organizations, but many don’t even know how many they have. Through the research done at CA Veracode in assessing the web perimeters of some of the world’s largest companies, we’ve found that companies typically have 30 percent more web applications than they initially thought. And if they don’t even know about these applications, what are the chances they’ve been patched or updated? Hackers don’t care if they are breaching you through a business critical application or through a forgotten website – they will take advantage of any vulnerability they can find. Which is why your first step toward reducing risk and demonstrating how application security is improving your organization’s security posture is to get a handle on your web perimeter.
This handy checklist outlines the three steps you can take immediately to secure your web perimeter. You can access the checklist here.