Vulnerable web applications are among the greatest cyber security threats to information systems today.
Cyber security is a top concern in the IT industry today. In this series, we will look at various threats to cyber security – and what steps businesses can take to meet those security threats to information systems head-on.
Hacking today is big business. Hackers put in long, hard hours for payoffs that can easily reach into the millions. Where do they strike? Well, in a recent survey commissioned by Sungard Availability Services*, the top 5 cyber security threats to information systems were identified as:
- vulnerable web applications (noted by 55% of respondents)
- being overall security “aware” (51%)
- out-of-date security patches (50%)
- failure to encrypt PCs and sensitive data (47%)
- obvious or missing passwords (44%)
I’d like to spend some time talking about the #1 security threat noted, vulnerable web applications, since it tends to be less understood than the others. After all, designing a security awareness program, establishing a patch management schedule, encrypting PCs and sensitive data, and enforcing strong passwords are all relatively straightforward activities. Securing vulnerable web applications is a different type of animal.
Here are the 5 questions you need to ask if you want to counter this top security threat to information systems.
Was this application created with security in mind?
Ask this question whether you are talking about an out-of-the-box purchased application or a homegrown application. Did the programmers inject security into the software development lifecycle (SDLC) from the very beginning? Or was security an afterthought? “Oh, gosh, I guess we’d better secure this in some way before we actually use it.”
If security was a concern from the start, it will have been worked into all the sub-levels of the application. If it was an afterthought, you might be looking at a nice, shiny security “veneer” that has no substance to it.