By: Roman Canlas
Application Security Consultant
Web Applications have always been at the forefront of every business since the Internet boomed in the 90s. And with the advancement of the Web and its underlying technologies, the number of threats to these applications has inevitably increased.
Here are some points to ponder: We learned that 84% of all cyberattacks happen on the Application Layer. Based on recent web application attack trends that we’ve seen, 4 out of 5 applications are vulnerable to attacks, with Cross-site scripting, SQL Injection and File Inclusion the most common vulnerabilities exploited. We also discovered that the threat landscape and attack surfaces have grown over the years along with the cloud, and that moving web applications to the cloud poses more risks by lessening control and visibility in every company's delivery model.
While companies try to keep up with these threats, their security investments unfortunately do not match the ever-expanding security threats. They readily rely on the latest Application and Vulnerability Scanners and Web Application Firewalls (WAFs), and are content with the tools they have invested in, thinking these can keep their web defenses impenetrable. That is completely not the case!
What's even worse is that there are companies that invest in security products they don't really need.
One thing to keep in mind: Your company’s defense is only as good as its weakest link. So here at BlastAsia, we recommend a better and more effective strategy: a Defense-in-Depth mindset.
Your company must commit to the “full cycle of defense” by having your web applications undergo Penetration Testing. If your company handles financial transactions on its websites, you have all the more reason to undergo these tests, as this is part of your PCI-DSS compliance. Web application penetration testing is designed to improve the security of your web applications through a risk-based and comprehensive approach to identifying critical vulnerabilities. At the end of the web app pen test process, you will receive a detailed report of the security flaws in your web application, with a full summary and recommendations.
And you don’t have to do it alone.
BlastAsia has Certified Web Application Penetration Testers who will help you find those hidden threats and mitigate risks. Our commitment is to make your web applications evolve to their ideal secure state.
But as the saying goes, it "takes two to tango", so your commitment is also important to reach the full cycle of defense before it's too late!