Weekly Industry Round-up, Week of 2/1
Posted by hyperguard on February 4, 2010
Information Security Magazine…
Attackers Zero in on Web Application Vulnerabilities
Robert Westervelt discusses how Web application vulnerability flaws are happening on websites all over the Internet at an alarming rate and account for more than 80 percent of the vulnerabilities discovered, according to the SANS Institute. In many cases, attackers exploit a Web application vulnerability to set up an attack that targets coding errors in client-side applications. While we may never get to the point of having zero vulnerabilities, companies can improve security by taking steps such as using a dWAF.
Old Security Flaws Still a Major Cause of Breaches, Says Report
In this article, Jai Vijayan says recent reports show an overemphasis on tackling new and emerging security threats may be causing companies to overlook older, but more frequently exploited vulnerabilities. In 2009, the top three ways hackers gained initial access to corporate networks were via remote access applications, trusted internal network connections, and SQL injection attacks. Companies may have to reevaluate their security programs to make sure they are aware of both new and old vulnerabilities. The study suggests companies maintain an up-to-date list of assets, decommission older legacy systems as much as possible, and monitor third-party relationships. This is particularly true when applications are forced from the network to the cloud, which is why flexible security solutions are a must.
Web Host Industry Review…
70% of Firms Using Cloud Services Plan to Move More Apps to the Cloud
David Hamilton discusses a recent study showing seven out of ten companies currently using cloud-based services plan to move additional applications to the cloud, and most within the next year. Certain industries are adopting cloud technologies faster than others. The top three industries adopting cloud computing solutions are technology (with 53 percent), financial services (40 percent), and legal (37 percent). For those already using cloud computing solutions, email and CRM proved to be the most valuable. These organizations need to ensure that they secure all of the applications they add to the cloud.
Be Ready – With Answers
Since most security vulnerabilities are located in Web applications, application security professionals will need to be ready to answer their company’s questions. Jeremiah suggests making yourself visible by branding yourself and your team as the internal experts for “application security.” Share interesting links, summarize interesting white papers, and offer to coordinate workshops for management and development teams to keep them informed. Have answers ready by building your internal step-by-step plan for an application security program. Engage with the community by getting involved in a group such as OWASP to meet people, ask questions, and offer your input.