Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • A report from Positive Technologies found that 100% of the web apps it tested contained at least one security vulnerability, with 85% posing risks to users.
  • Web apps need to be constantly monitored for vulnerabilities, with source code analysis being the best way to find flaws, Positive Technologies said. The key at that point is to release patches swiftly.

Security firm Positive Technologies has released a summary of its 2017 web application vulnerability testing, and the results should serve as a wake-up call to anyone using, or responsible for, a web app.

Of the web apps included in the study, not a single one was without security vulnerabilities, and 85% allowed attackers to target web app users through attacks such as cross-site scripting.

The sample size in Positive Technologies' study is small (only 33 web apps were included), and the study itself acknowledges that the tested applications are not standard apps and contain large amounts of custom code.

Regardless of the scope of the study, its findings should put web app developers on guard, especially those building custom apps or publishing non-standard web apps—there’s no reason to assume they’re safe.

Who is most at risk and what are they facing?

Of the web apps considered in the report, nearly half belonged to financial services organizations, which were also the greatest risk category: 100% of financial services apps contained high-risk vulnerabilities.

Financial apps are the most at risk, the report said, because of their overall level of complexity. That complexity makes it easier for a bug to work its way into, and go unnoticed in, a web app’s code.

Government and e-commerce web apps were the second and third most at risk. All tested government web apps were vulnerable to cross-site scripting attacks on users, and e-commerce sites were most likely to fall prey to denial-of-service attacks.


Attacks on users were the most common form of web app vulnerabilities, with 85% of those tested susceptible to them. User attacks in the report are defined as cross-site scripting, HTTP response splitting, open redirect, and cross-site request forgery.
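The four user-targeting classes the report names each have a well-known defensive counterpart. The following is an added illustration written for this article, not code from the Positive Technologies report: a framework-free Python module with one hardened handler per class (output encoding for cross-site scripting, control-character rejection for HTTP response splitting, a host allowlist for open redirects, and a per-session token compared in constant time for cross-site request forgery), with the unsafe greeting renderer kept beside its fixed version for contrast. The host `app.example.test` is a constructed placeholder.

```python
# Added illustration, not from the Positive Technologies report or the article.
# One hardened handler for each "attacks on users" class the report names:
# cross-site scripting, HTTP response splitting, open redirect and CSRF.
import hmac
import html
import secrets
from urllib.parse import urlsplit

# --- 1. Cross-site scripting: encode untrusted data on output ---------------
def render_greeting_unsafe(name: str) -> str:
    # Defect: user input is concatenated straight into the HTML response.
    return f"<p>Hello, {name}!</p>"

def render_greeting(name: str) -> str:
    # Hardened: HTML-encode (including quotes) before the value reaches the page.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

# --- 2. HTTP response splitting: never let CR/LF into a header value --------
def set_header(headers: dict, name: str, value: str) -> dict:
    # A CR or LF inside a header value terminates the header block and lets an
    # attacker append a forged response; reject rather than try to sanitise.
    if "\r" in value or "\n" in value:
        raise ValueError(f"illegal control character in header {name!r}")
    headers[name] = value
    return headers

# --- 3. Open redirect: only follow targets on hosts you control ------------
ALLOWED_HOSTS = {"app.example.test"}  # constructed placeholder host

def safe_redirect_target(target: str, default: str = "/") -> str:
    parts = urlsplit(target)
    # Same-origin relative path: allowed. "//evil" parses as a netloc, and
    # "/\evil" is treated as "//evil" by browsers, so both are excluded here.
    if (not parts.scheme and not parts.netloc
            and parts.path.startswith("/")
            and not parts.path.startswith(("//", "/\\"))):
        return target
    # Absolute URL: only http(s) to a host on the allowlist.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return target
    return default

# --- 4. CSRF: bind state-changing requests to a per-session secret ---------
def issue_csrf_token() -> str:
    # Stored in the server-side session and embedded in forms as a hidden field.
    return secrets.token_urlsafe(32)

def csrf_token_valid(session_token: str, submitted: str) -> bool:
    if not session_token or not submitted:
        return False
    # Constant-time comparison avoids leaking the token one byte at a time.
    return hmac.compare_digest(session_token, submitted)

if __name__ == "__main__":
    print(render_greeting_unsafe("<script>alert(1)</script>"))
    print(render_greeting("<script>alert(1)</script>"))
    print(safe_redirect_target("//evil.test/"), safe_redirect_target("/account"))
    tok = issue_csrf_token()
    print(csrf_token_valid(tok, tok), csrf_token_valid(tok, tok + "a"))
```

Each function is the kind of check a source code review would look for at the corresponding sink: the response writer, the header setter, the redirect handler, and the form handler. Output encoding belongs at the point of output rather than at input, since the same string may be safe in one context and dangerous in another.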

Denial-of-service attacks ranked second, followed by arbitrary file reading, OS commanding, and unauthorized database access.

How to protect your web apps

Web apps, according to Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, practically have targets painted on their backs. “Fortunately, most vulnerabilities can be discovered long before an attack ever happens. The key is to analyze application source code,” Galloway said.

The Positive Technologies report drew all its information from source code analysis, which it encourages anyone responsible for a web app to carry out as well. Automated tools are available and are preferred to manual analysis.

Quick release of fixes is also essential—it doesn’t do any good to find a vulnerability if it isn’t patched immediately. Positive Technologies recommends putting another layer between web app users and the code itself with a web application firewall.

As with most vulnerabilities, detection prior to disaster is possible as well as practical. Don’t be caught in a bind because a known issue wasn’t addressed.

Image: Report: 100% of web apps have at least one security vulnerability (iLexx, Getty Images/iStockphoto)
