Application Security Usually Neglected on the Cyber Front

Forbes published an article on March 12th, 2015, titled ‘#1 Cyber Security Threat to Information Systems Today’. The article was based on research by Sungard Availability Services. According to 55% of respondents, vulnerable web applications claimed the top spot.

According to Joe Caruso, CEO/CTO and founder of Global Digital Forensics (GDF), a leading cyber security solutions provider, “There are a few factors that converge to make applications a tricky cyber security concern for many organizations. First is sheer volume. There are so many web apps today which organizations use on so many different platforms that the numbers alone can be dizzying, not to mention the resources, experience, personnel and tools needed to effectively keep tabs on the security aspect of them all. Then there is the sea of developers building apps who come out of the woodwork from every corner of the globe with promises to deliver effective customized apps at bargain rates. But far too often, security is not entrenched in the DNA of these coders. If security isn’t baked into the development cycle of an application, an organization can find themselves with a wide open door for hackers to exploit their most sensitive and valuable data, leaving a costly, tangled mess.”

Risks Posed by Applications Can Be Managed

Cyber security solutions can help in managing application security. These measures are all about prioritizing threats from a cause-and-effect standpoint. Complete in-depth testing of each application is usually not an option. It suits smaller organizations with a limited number of apps, but for bigger organizations with thousands of apps, the cost of testing would be prohibitive.

Not all apps are the same. Some pose a negligible threat because they do not handle important company information or client data, so they will not provide a gateway to intruders. The security of these apps is a low priority, while others pose medium to high risk and should be managed accordingly. There is a lot of room for interpretation, and specialized tools and expertise are required to tackle the problem.

Professional Vulnerability Assessment Required

For complete web application security, a professional vulnerability assessment is required. It can determine the risks posed by every application. This, along with comprehensive penetration testing of each application, can determine which vulnerabilities are susceptible to cyber-attacks. Vulnerable applications should be tested, and the threats they pose identified and prioritized, to create a remediation plan.

 
