Intology - Intelligent Technology News


Web application security and testing

May 4th, 2008 by Kiyani



In today’s world, when more and more applications are going online, there is a need for strong security testing to ensure that an application is hacker safe. Many organizations are increasingly reliant on web application development to deliver them a competitive edge, which means they are opening up their computer networks to the outside world.

In this article we will discuss ways to tackle web application security, including what Yousif Yalda, a former Kaspersky information security officer and owner of Vulnerability Assessment & Penetration Testing, has to say.

Usage of web applications is directly proportional to the number of security incidents involving them, i.e. the more applications, the more incidents. Today, web application security is finally getting more prominent attention. This attention brings the benefit of the topic being addressed as a higher priority now, but with the drawback that it is still an emerging area of technology.

Yousif Yalda, owner of V.A.P.T (www.vapt-sec.com) said:

I believe security is going to head in the path of failure for quite some time until media starts playing a more notable role in discussing topics such as web application security and the dangers of dismissing it as an IT operation. Often the people who you end up communicating with (CTO, IT staff, or perhaps even an administrator) seem to be a shot in the dark.

V.A.P.T specializes in Web Application Security & Penetration Testing and Yalda is a former Kaspersky information security officer. According to him:

From experience in sales and technology combined, you would know that the CTO, IT department, and even the administrator are people you should be talking to, but even they fail to understand the need for security. Businesses spend thousands of dollars every year alone on technologies that don’t work well with the mind of a hacker. They often purchase extensive licenses for applications such as firewalls, or even install an SSL certificate to “defend” against attackers. All of these programs fail tremendously when it comes to the attacker’s point of view.

There are several technical initiatives that have been established to form a consolidated response and to increase awareness of web application vulnerabilities. Two of them are:

  1. A free, open community project named “The Open Web Application Security Project (OWASP)” has been started to improve the security of application software. Everyone is free to participate in OWASP and all of its materials are available under an open source license. The OWASP Foundation is a 501(c)(3) not-for-profit charitable organization that ensures the ongoing availability of and support for its work.
  2. OASIS Web Application Security Technical Committee - a cross-industry group that seeks to generate XML-based schemas and classifications of web application attacks/vulnerabilities.

Yalda noted down the following important points to tackle web application security:

  • Assess vulnerabilities in your present security routines
  • Create an enterprise-wide curriculum customized to your absolute needs
  • Provide visibility into your system of structure so you can see what’s going on
    instantaneously
  • Secure internal and external infrastructures
  • Identify logical flaws
  • Develop a proactive response plan in the rare incident that your security is seized
  • Reduce costs by professional consultation depending on type of service
  • Automate compliance standards so they operate in a routine form

