Hyperguarding your Web Applications

Weekly Industry Round-up, Week of 4/26

Posted by hyperguard on April 30, 2010

Ponemon Institute…
eWEEK and Dark Reading discussed two reports issued by the Ponemon Institute this week. The first, commissioned by Imperva and WhiteHat Security, found that 70 percent of the respondents felt their organizations do not allocate sufficient resources to secure critical Web applications. The results show that 73 percent said senior executives were not strongly supporting Web app security efforts. To resolve this issue, communication between security operations and app development teams will need to improve.

The second, sponsored by security vendor PGP, found that a data breach in the United States could cost enterprises twice as much as in other countries because of stringent regulations. In the U.S., where 46 states have introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were recently passed, costs were second highest. In Australia, France, and the U.K., where data breach notification laws have not yet been introduced, costs were all below the average.

Engaging Your Staff in Data Protection
While breaches cannot be eliminated, staff engagement in a data protection program can help reduce risk. For data protected by state or federal laws, such as Social Security numbers (SSN), personal credit card numbers (CCN), or protected health information (PHI), there are typically legal notification requirements, and potentially fines. If you are dealing with credit cards, you also have to conform to PCI-DSS; otherwise your merchant status is at risk. To help engage staff in data protection, employees should know processes and understand data classifications. Companies should also think about what messages to send that will encourage staff to take ownership of protecting the information.

Zero Day…
Serious XSS flaw haunts Microsoft SharePoint
It seems that every week we are hearing about cross-site scripting (XSS) attacks affecting another company. This week, Microsoft’s security response team confirmed the existence of a serious XSS vulnerability in the Microsoft SharePoint Server 2007 product. The vulnerability, which can be exploited via the browser, could allow a malicious hacker to execute arbitrary JavaScript code within the vulnerable application. Microsoft said it was aware of the issue and promised to issue guidance for affected customers.

