Web applications are the preferred route for attacking businesses' online assets. According to a study released last year by HP, 69% of web applications scanned by the company had at least one SQL injection error, and 42% contained a cross-site scripting vulnerability. A White Hat Security report found that 50% of Education websites and 47% of Healthcare websites are always vulnerable (vulnerable on every single day of the year).
Web application vulnerabilities continue to be a significant problem. Depending on the specific circumstances, these vulnerabilities could cause significant problems for the companies that have not remediated them, up to and including the theft of critical business data or personally identifiable information, web site defacement, or denial of service.
While this list could go on and on, here are five great tips from our IT Security Engineer Rajitha Udayanga on how to strengthen your web application security and minimise your risk of a data breach:
1. Get Patched Up!
Keep your servers and software patched and up-to-date. Last year we saw a string of security breaches stemming from the same problem: unpatched versions of the ColdFusion application server software. With web application security, every little vulnerability opens the door for a security breach. You might build impenetrable applications, but if you put those applications on an unpatched server, your data is still vulnerable.
2. Trust, But Verify User Input
While this advice might sound obvious, there’s a very good reason why it’s included: despite the repeated warnings over the years, injection attacks such as SQL injection and cross-site scripting still happen far too often. Developers still aren’t properly validating user input, leaving their data wide open to attackers. The good news: frameworks for protecting against these attacks are improving.
3. Use a Security-Focused Quality Assurance (QA) Process
When testing new web applications, what do you check for? In most cases, testers look for bugs in the interface and ensure the application does what it’s supposed to do. But is that enough? Your QA process should also ask this question: does the application do anything it’s not supposed to do?
Security is a problem that will keep growing if not made a priority.
It’s a problem that can compromise your customer’s sensitive data and cause irreparable damage to your company’s reputation.
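The two points above, validating user input and testing for what an application must not do, are easiest to see side by side in code. The following is an added example, not code from the original post or from the author: a lookup that concatenates input into SQL next to its parameterized replacement, an allow-list validator, HTML output encoding for untrusted text, and a small set of negative QA checks of the kind tip 3 asks for. The in-memory SQLite table, the username pattern and the probe strings are all constructed for the example.

```python
import html
import re
import sqlite3


# Constructed sample data: an in-memory SQLite database standing in for the
# application's real user store.
def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Anti-pattern: untrusted input is concatenated into the SQL text, so the
    input can change the structure of the query instead of just its value."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the value travels separately from the statement and
    is never interpreted as SQL, whatever characters it contains."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Allow-list validation: reject anything that is not a plausible username before
# it reaches the database or the page. The pattern is an assumption made for
# this example; real rules depend on the application.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(username):
    return bool(USERNAME_RE.match(username))


def render_greeting(username):
    """Output encoding for an HTML context: html.escape turns <, >, &, " and '
    into entities, so untrusted text is displayed by the browser, not executed."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


def security_qa_checks(conn):
    """Negative tests a security-minded QA pass would run: each check asserts
    something the application must NOT do. Returns {check_name: passed}."""
    # Constructed probe inputs used only to exercise the checks.
    sql_probe = "' OR '1'='1"
    html_probe = "<script>alert(1)</script>"
    return {
        # A lookup for a non-existent user must return no rows, even when the
        # input contains quote characters.
        "lookup_returns_only_matching_rows": find_user_safe(conn, sql_probe) == [],
        # Input validation must reject the probe before it reaches the query.
        "validation_rejects_quotes": not is_valid_username(sql_probe),
        # Rendered output must not contain raw markup taken from user data.
        "greeting_has_no_raw_tags": "<script>" not in render_greeting(html_probe),
    }


if __name__ == "__main__":
    db = build_sample_db()
    probe = "' OR '1'='1"
    print("vulnerable lookup rows:", len(find_user_vulnerable(db, probe)))
    print("safe lookup rows:", len(find_user_safe(db, probe)))
    for name, ok in security_qa_checks(db).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}")
```

Run as a script, the vulnerable lookup returns every row in the table for the probe input while the parameterized lookup returns none, and all three QA checks pass against the safe functions. The point of `security_qa_checks` is that it would fail if a developer swapped `find_user_safe` for `find_user_vulnerable` or dropped the escaping, which is exactly the regression a security-focused QA process exists to catch.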
4. Make Security Part Of The Organisation
Shortly after the USA Healthcare.gov website went public, a “white hat” hacker discovered that security was never properly built into the site. It was composed of multiple insecure pieces that left user data wide open to attackers. Now, while most schools and organisations aren’t creating applications on this scale, it brings up an important point. Security should never be an afterthought. It can’t be something that’s added after the application is built. It should be a critical component of the entire development process, as well as the organisation as a whole.
5. Test Your Website For Vulnerabilities
It is important to regularly perform web security assessments to check for website and server vulnerabilities. Assessments should be performed on a schedule, and after any change or addition to your web components. Developing a relationship with a firm that provides security services can be a lifesaver when it comes to protecting your website. While the small things can be taken care of on your own, there are many security measures that should be handled by an expert. Companies providing security services can regularly assess your website for vulnerabilities, perform full website security audits, monitor for malicious activity, and be on hand whenever repair is needed.