September 24, 2013

Lost and Found in the Dark

A recent DarkReading article by Robert Lemos covers the lack of security expertise in companies developing in-house applications. This timely article explains the importance of sourcing security expertise from firms that focus on application threats (and on applying fixes to the problems found).

My recent post about SQL Injection (SQLi) findings, which references Veracode’s infographic and the pervasive lack of application-security awareness, notes that 30% of breaches still come from SQLi. At minimum, this data point shows a lack of awareness, but it also suggests that most organizations don’t really know how to deal with the problem.

The DarkReading article could have gone further by covering what a fix is, and what applying a control to a problem really means for an organization. Just as organizations require expertise in uncovering vulnerabilities, they also need expertise in fixing them; both are critical and ongoing processes. Hence, finding the problem and fixing it must go hand in hand.

One reason we invest so heavily in our ADC research team is the acknowledgment that our customers depend on us to mitigate web security threats. At the end of the day, a WAF is application security expertise packaged in a product to mitigate web threats.

What can you do to fix web application vulnerabilities?

  • Educate yourself about web application security risks.
  • Choose a company expert at helping you identify web application security problems in your own data center.
  • Mitigate the discovered problems (and other undiscovered problems) using a WAF. One example is our collaboration with WhiteHat.
  • Fix the code and patch the systems. Although not all problems can be fixed by a code patch, this is an important step in lowering the overall risk.
