Did you know that 84% of all cyber attacks target applications, not networks? What is even more curious is that 80% of Internet of Things (IoT) applications are never tested for security vulnerabilities at all. It is 2018, and despite all the evidence around us, we still have not fully accepted the problem at hand when it comes to software security. Because we have not accepted the problem, we are not making progress in addressing the associated vulnerabilities. This is why, after an active 2017, we are already seeing numerous new attacks before the first quarter of the year is over.
Security has traditionally been the domain of the IT department - more specifically, the security staff and the chief security officer. From these flow the security policies: rules laid down for the protection of the company's assets. However, as we have seen with BYOD in particular and shadow IT generally - where departments will, for example, buy in cloud services or download applications without going through IT - if employees perceive rules to be inconvenient and obstructive, those rules are often circumvented or ignored. Security procedures in particular are likely to be perceived as inconvenient. To take an extreme example, bricking up your front door and windows will prevent burglaries and be a very effective security measure, but it is hardly convenient.
Web app security is not something that you can bolt on after developing your app; it should be a core part of the app development process. Web applications are, by design, available to others and are therefore exposed to many potential threats. As such, you need to build security into each component of your app and make security a part of each phase of the software development lifecycle to keep it safe from those threats. There are several web application security best practices that you can follow to achieve this. They ensure that multiple layers of security are incorporated into your app and into your development and testing processes.
Cyber security is the practice of ensuring the integrity, confidentiality and availability (ICA) of information. It represents the ability to defend against and recover from accidents such as hard drive failures or power outages, and from attacks by adversaries. The latter include everyone from script kiddies to hackers and criminal groups capable of executing advanced persistent threats (APTs), and they pose serious threats to the enterprise. Business continuity and disaster recovery planning are every bit as critical to cyber security as application and network security.
Acunetix, the pioneer in automated web application security software, will be participating in RSA Conference 2020 with a talk by one of the company's leading sales engineers, a live interview with Security Weekly, and a booth in the North Expo. Mark Schembri, Technical Sales Engineer at Acunetix, will present "Benefits of Interactive Application Security Testing (IAST)" at the South Briefing Center, booth S-1500, on Tuesday, Feb. 25 at 12:10 pm. Schembri will talk about DAST solutions, their strengths and limitations, and how IAST may enhance them by improving scan coverage and test result quality. Participants will also learn how the quality improvements resulting from the use of IAST may benefit SDLC processes. Acunetix has also sponsored a booth at the conference, and experts will be available at booth #6365 in the North Expo throughout the conference to answer questions and provide demos.