HackDig : Dig high-quality web security articles

Is Your Organisation Tackling the Right Security Vulnerabilities?

2016-04-08 08:30

TIs_Your_Organisation_Tackling_the_Right_Security_Vulnerabilities.jpgo maximise the efficacy of your organisation’s security programme, you want to make sure you’re allocating your time, effort and budget in the right areas.

Today I’m looking at the most common mistake companies make when investing in application security, and where you should focus your attention instead.

The Biggest Application Security Mistake

Many organisations assume that the network layer of their infrastructure is the primary source of security vulnerabilities, and so invest a high proportion of their time and effort into securing their network against perceived threats.

In reality, however, it’s the application layer that is most at-risk: at least 70% of all vulnerabilities are caused by poor application security, with some estimates putting the figure as high as 90%.

So it’s vital that you take the time to review your application security programme, and align spending and effort with where the actual risks are, not where you assume them to be.

How to Tackle the ‘Right’ Security Vulnerabilities

The security landscape changes so rapidly that, even if you are investing appropriate resources in securing your application layer, it can be hard to know which vulnerabilities to tackle first. Therefore, it’s important that your organisation develops a method of categorising vulnerabilities that you discover through automated or manual security testing:

1) Severity of Risk to Customer/User

Security of user data should always be your first priority, because user satisfaction is crucial to the success of your business. Therefore, you should tackle security vulnerabilities that pose a direct threat to user data before all others.

Arxan’s recent ‘Annual State of Application Security Report’ revealed that 82% of application users would change providers if they knew alternative applications were more secure. If customer data is lost or compromised, it can lead to loss of customers, and seriously damage your company’s reputation.

2) Severity of Risk to Business

Vulnerabilities that undermine or disrupt business operations or objectives should also be high-priority, as it can seriously damage the health of your business.

The average cost of a data breach is $6.5m – covering everything from loss of business and business disruption to compensation costs – so preventing a security breach is in your company’s best interests.

3) Frequency of Occurrence

If you are repeatedly seeing similar vulnerabilities occur within your projects, this suggests there is a problem in your development process. Your developers should be taught to prioritise secure coding, and resources such as the OWASP Top 10 can help to raise awareness of the most commonly-occurring application vulnerabilities to help your developers to secure the software development lifecycle.

4) Emerging Vulnerability Trends

Finally, your security team also need to keep up with emerging security trends and new vulnerabilities, which emerge as a result of new technologies being developed.

It is good to be aware of emerging vulnerability trends, as this will help to shape your security efforts in the future, influencing everything from technology and language choices to security testing procedures. If you’re not aware of new vulnerabilities, you may be overlooking increasingly important areas of risk, and technologies that can help protect against vulnerabilities in better ways.

Security training is vital for ensuring your developers and security team have the required skills, knowledge and experience to deal with existing threats and vulnerabilities, but also emerging ones.

Tackle the security vulnerabilities that matter, and download our free whitepaper below.

how to roll out and effective application security training program

Source: renluv-ytiruces-thgir-eht-gnilkcat-noitasinagro-ruoy-si/golb/moc.eporuenoitavonniytiruces.www

Read:5148 | Comments:0 | Tags:No Tag

“Is Your Organisation Tackling the Right Security Vulnerabilities?”0 Comments

Submit A Comment



Blog :

Verification Code:

Tag Cloud