Did you know that, according to the FBI, 65% of all reported attacks in 2007 were at the application layer? Applications are the new playground for attackers, and with more apps being developed every day, they make a very tempting target for the bad guys. Let’s look at three ways you can make a difference in blocking these attacks:
- Integrate Application Security into the Software Development Life Cycle (SDLC). Add security to the following phases: requirements, business impact analysis, functional testing, and quality assurance. When you improve your SDLC in this way, you catch red flags during the design phase rather than after release. You also ensure that the security team understands the impact and interactions that security requires, and you make it easier to maintain standards consistently.
- Get Proactive – Develop programming standards, embrace development frameworks, create baselines for internal and external applications, create testing procedures, and make sure to publish this information internally so developers can actually find and follow it.
- Educate Developers – This is the most important strategy. Ongoing general awareness alone eliminates a significant number of vulnerabilities. Deep training for leaders builds a strong foundation for training their teams, who are then empowered to implement a stronger appsec program. Helping developers evaluate outdated applications, for instance, goes a long way toward preventing potential vulnerabilities from being exploited.
SQL injection and XSS alone account for 32% of all incidents! More web applications are being developed, which means more targets for the attackers. The threats include data loss, regulatory and legal issues, loss of customer confidence, loss of system/network control, more bots, phishing expeditions, and malware. Following these tips will significantly reduce your exposure to these attacks.
Evaluating your frameworks can really help you identify outdated software that affects your applications, both internal and external. Should you have any questions about these tips, or want additional assistance in designing your appsec program, please don’t hesitate to contact MSI for help.