A recent DarkReading article by Robert Lemos covers the lack of security expertise in companies developing in-house applications. This timely article explains the importance of sourcing security expertise from firms that focus on application threats, both in finding the problems and in applying fixes to the problems they find.
My recent post about SQL Injection (SQLi) findings, which references Veracode’s infographic and the pervasive lack of application-security awareness, notes that 30% of breaches still come from SQLi. At minimum, this data point shows a lack of awareness; it also suggests that most organizations don’t really know how to deal with the problem.
The DarkReading article could have gone further by covering what a fix is, and what applying a control to a problem really means for an organization. Just as organizations require expertise in uncovering vulnerabilities, they also need expertise in fixing them; both are critical and ongoing processes. Hence, finding the problem and fixing it must go hand in hand.
One reason we invest so heavily in our ADC research team is the acknowledgment that our customers depend on us to mitigate web security threats. At the end of the day, a WAF is application security expertise packaged in a product to mitigate web threats.
What can you do to fix web application vulnerabilities?
- Educate yourself about web application security risks
- Choose a firm with expertise in helping you identify web application security problems in your own data center.
- Mitigate the discovered problems (and problems not yet discovered) using a WAF. One example is our collaboration with WhiteHat.
- Fix the code and patch the systems. Although not all problems can be fixed by a code patch, this is an important step in lowering the overall risk.
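The following is an added example, not code from the original post or from any product mentioned in it, showing the difference between the two last steps on a SQLi login bug: a vulnerable query built by string concatenation, a WAF-style virtual patch placed in front of it, and the actual code fix (a parameterized query). The signature rule is a deliberately narrow, hypothetical stand-in for a WAF, and the user table is constructed sample data; the point it makes is that a virtual patch lowers risk immediately for the payloads it recognizes, while the code fix removes the bug for any input.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data for the example (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The classic SQLi bug: user input is concatenated into the SQL text,
    # so a quote in either field changes the structure of the query.
    sql = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, username, password):
    # The code fix: a parameterized query. The driver passes the values
    # separately from the statement, so they are only ever compared as data.
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Hypothetical, deliberately narrow signature standing in for a WAF rule:
# catches the textbook "' OR '1'='1" tautology and "--" comment truncation.
SQLI_SIGNATURE = re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1|--")


def waf_blocks(*fields):
    # Inspect every request field against the signature.
    return any(SQLI_SIGNATURE.search(field) for field in fields)


def login_with_virtual_patch(conn, username, password):
    # Mitigation layer: drop the request before it reaches the unfixed code.
    if waf_blocks(username, password):
        return False
    return login_vulnerable(conn, username, password)


def demo():
    conn = make_db()
    comment_payload = ("alice' --", "wrong")          # truncates the password check
    tautology_payload = ("alice", "x' OR username='alice")  # not in the signature
    return {
        "vulnerable_comment": login_vulnerable(conn, *comment_payload),
        "virtual_patch_comment": login_with_virtual_patch(conn, *comment_payload),
        "fixed_comment": login_fixed(conn, *comment_payload),
        "vulnerable_tautology": login_vulnerable(conn, *tautology_payload),
        "virtual_patch_tautology": login_with_virtual_patch(conn, *tautology_payload),
        "fixed_tautology": login_fixed(conn, *tautology_payload),
        "fixed_legitimate": login_fixed(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the virtual patch stopping the first payload but letting the second variant through, while the parameterized version rejects both and still accepts the legitimate credentials. That is the practical reading of the list above: the WAF rule buys time and covers the code you have not fixed yet, and the code fix is what finally closes the bug.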