Homepage Cybernetic Global Intelligence newsroom
Register as BUSINESS Register as PR AGENCY Register as JOURNALIST

Web Application Security – Don’t leave DevOps without it!

Announcement posted by Cybernetic Global Intelligence 29 May 2015

Web applications of all kinds, whether online shops or partner portals, have in recent years increasingly become the target of hacker attacks. Due to the always ‘on’ state of the internet, any application, whether it is the online branch of a bank, an online shop, or even an employee access portal, it is always available and therefore vulnerable to attacks. These vulnerabilities are increased even further by the high degree of complexity of the web scripts, frameworks and web technologies frequently used.

Attacks such as SQL injection, cross-site scripting or session hijacking are aimed at vulnerabilities in the web applications itself – and not at those on the network level. For this reason, traditional IT security systems such as firewalls or IDS/IPS are either totally unable to guard against these attacks or are incapable of offering comprehensive protection.

Any applications that may provide interactive access to potentially sensitive materials or expose the underlying servers and software, must be secured against malicious attacks or any unauthorized user access that have the power to modify or destroy data or stop critical system services.

Larger, more sophisticated organisations, have the most to lose if their applications fall prey to attacks, but the fallout from these can leave even the smallest organisations reeling. The possible effects of the non-availability or data loss in the web applications include:

  • Interruption of business processes (including those of customers or partners)

  • Loss of reputation

  • Damage compensation claims

  • Revocation of licenses

  • Loss of confidential information.

What can be done then, you ask? Well, the basic principle is starting at the beginning. This means that every application should be developed as securely as possible in the first place. This is because the later a vulnerability is detected in the life cycle of a web application, the greater the risk of a successful attack, and the larger the amount of work involved in correcting the issue.

In the development phase, methods such as static source code analysis help to promptly detect and rectify vulnerabilities in the code. This additionally includes penetration tests, ideally carried out by experts, which cover the vulnerabilities in the external behavior of the web application in productive operation as well.

It is important to keep in mind though, that the one-size-fits-all approach doesn’t work when it comes to application security strategy. Every organization needs to adopt a customized approach for application security. For example, secure coding practices don’t make sense for an organization that typically buys or outsources its application development. In this instance, it is important to implement strong vendor management practices, as these definitely make a huge impact in terms of the security of applications delivered by the vendor.

It is time to ask yourself – am I doing the right thing when it comes to our web application security? Do not become a cautionary tale that spurs other organisations into action. Take control today.