The digital realm is leaking into the physical world. As technology progresses, the line that separates these two places is thinning by the minute, and the bad and the horrific are passing back and forth.
A Sobering Number
It’s estimated that nearly half of online businesses are bleeding millions because of cyber-attacks. This isn’t only because of the intrusion itself; it is also attributed to customers losing trust in a particular business, compensation, additional budget allocated to security measures, and more.
If you’re a business owner operating in the digital world, heed this warning, especially if you’re incorporating web apps on your site: web apps are the top target of digital crime at the moment because of how easily an attacker can penetrate them.
One of the major causes of this is that developers don’t place much emphasis on security when building a web application.
Jeremiah Grossman, founder of WhiteHat Security, which offers web security services, said this is because developers see security as a hassle: they find it difficult to gauge the value gained from it, and they aren’t well versed in measuring security.
In a report recently published by WhiteHat evaluating more than 30,000 websites using their Sentinel services, a staggering 86 percent were found to have one vulnerability that falls in the “serious” category.
This means that an attacker could partially or completely take over a website, jeopardize user accounts on the system, retrieve sensitive information, bypass compliance requirements, and, at worst, make headline news.
A lot of work is now going into reinforcing the security of web apps. The Asia-Pacific Web Application Market has seen 34 percent growth in the last two years, and reached a market size of $155.9 million last year.
This shows that the companies involved in e-commerce, banking, and other online businesses are taking urgent measures to protect themselves from these attacks.
But what exactly are these measures that should be followed by developers? What are the best practices when it comes to web app security?
According to WhiteHat, practices such as employing penetration testers, using static analysis in the software code review phase, and executing ad-hoc code reviews of high-risk apps usually yield positive results on certain facets, but don’t significantly impact others.
Grossman suggested three web security metrics that every company should track: number of vulnerabilities, percentage of metrics getting fixed, and the speed at which repair is accomplished.
Grossman went on to add that these best practices often positively affect one or two metrics but rarely cover all three. Organizations should identify which metrics are the most significant to them and focus their attention on those.
Another good thing to come out of this is that companies and developers are quickly learning the methods of attack favored by those on the other side of the lake. The next step is creating security measures that are more difficult for these attackers to overcome, and improving the speed at which those measures identify and counter anyone attempting to breach the system.