Why achieving web application security might be a lot like juggling elephants


By Michael Warnock
Country Manager, Aura Information Security

In today’s fast-paced business climate, where the pressure is on to deliver new web-based services and features to customers, Chief Information Security Officers (CISOs) can often feel like they’re juggling elephants.

In one hand they have the weighty responsibility of getting new applications into production as quickly as possible. In the other, they’re holding the equally weighty task of ensuring those applications are totally secure and able to withstand a growing array of cyberattacks.

The challenges are highlighted in recent research that shows organisations are facing an increasing number of threats being launched via web applications. According to Verizon’s 2018 Data Breach Investigations Report, more than 20 per cent of breaches continue to occur as a result of vulnerabilities within web applications. The report says the parties behind such breaches are most often financially motivated external attackers.

These security issues are particularly acute for organisations in the retail and transport and logistics sectors. Many have back-end systems in place that have been operating for more than a decade. When internal pressure mounts to link these systems to web applications, the result can be the appearance of significant security vulnerabilities.

The situation is also exacerbated by the fact that many software development teams have not historically had security methodologies built into their code development workflows. Team members might be very good at creating fully featured web applications, but not so great when it comes to ensuring those applications are able to withstand malicious attacks…