Hyperguarding your Web Applications


Weekly Industry Round-up: Week of November 9th

Posted by hyperguard on November 13, 2009

Around the Blogosphere…
This week we’ve been on the ground at the OWASP AppSecDC Conference, where the Top 10 Most Critical Web Application Security Risks have been made available as a release candidate. The new Top 10 is about risks, not just vulnerabilities. Our friend Jeremiah Grossman shared the OWASP document and posted comments live from the show. It will be interesting to see how these new risks will impact the industry, such as PCI compliance and the Cloud Security Alliance. Check out #OWASP for real-time commentary.

Dark Reading…
New Security Certification On The Horizon For Cloud Services
Writer Kelly Jackson Higgins speaks with Jim Reavis, co-founder and executive director of the Cloud Security Alliance, about the need for security certification for cloud security service providers. Some are currently using SAS 70 and ISO 27001, but experts say neither is sufficient for providing potential cloud customers with assurances that the provider has deployed proper security or that their data is sufficiently locked down. According to Reavis, we should expect the industry to move forward with this certificate around the first quarter of 2010.

Web Application Vulnerability Assessment Shows Patching Progress
In this article, Robert Westervelt discusses how companies are making progress in Web application security. The latest research by WhiteHat Inc. found a 61% vulnerability resolution rate, which is a slight increase. There is still much work to be done, since 64% of websites contain at least one serious vulnerability. WhiteHat is now focusing on figuring out what works for companies that are resolving the most serious vulnerabilities quickly.

Dark Reading…
Cost, Strength Of Security Drive Users Toward SaaS Offerings
Using an excerpt from Dark Reading’s report, “Security Software as a Service: Navigating The New MSSP Landscape”, Charlotte Dunlap investigates the pros and cons of security SaaS and provides tips on choosing the right provider. She also cites an interesting study conducted by Infonetics Research: 81 percent of respondents said improving the strength of the enterprise’s security is the No. 1 reason for moving to the SaaS model. Other top reasons cited: cost, time to deploy, and centralized management. One key point: 82 percent of those surveyed plan to use SaaS offerings to augment, not replace, their existing security deployments. This is a great overview of businesses’ perceptions of SaaS and their intent to move to the cloud. For more information on this topic, download Dark Reading’s report here.

SC Magazine…
Vulnerability Assessment Integration with Web Application Firewalls
This article by Jeremiah Grossman discusses how, even for proactive organizations, finding and fixing flaws in website code is a complex, time- and resource-intensive task. He provides a must-have checklist for organizations that includes production-safe scanning, accuracy, a precise reporting format, assessment repeatability, WAF/IDS SSL support, and flexible and actionable rules. It would be ideal if 100 percent secure code were developed, but until then, Jeremiah says, the integration of website vulnerability assessment and Web application firewalls allows IT security professionals to have control over website security. Having the right solution can noticeably improve how an organization handles and overcomes web vulnerabilities.

