How Vulnerable Software Applications Can Cause Losses Worth Billions to Enterprises

Recently, Forbes published an article titled "#1 Cyber Security Threat to Information Systems Today," which was based on the findings of a survey commissioned by Sungard Availability Services. So what claimed that dubious top spot? Vulnerable web applications, according to 55% of the respondents.

Digital Asset Threat Assessment

Various software applications linked to enterprises can provide multiple gateways to intruders

Converging factors

“There are a few factors that converge to make applications a tricky cyber security concern for many organizations,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions headquartered in New York City.

“First is sheer volume. There are so many web apps today which organizations use on so many different platforms that the numbers alone can be dizzying, not to mention the resources, experience, personnel and tools needed to effectively keep tabs on the security aspect of them all. Then there is the sea of developers building apps who come out of the woodwork from every corner of the globe with promises to deliver effective customized apps at bargain rates. But far too often, security is not entrenched in the DNA of these coders. In their world, functionality, convenience, and effectiveness are markers of success, and they often deliver those aspects very well. But what good is a Lamborghini if it has no brakes or safety features? By the same token, if security isn’t baked into the development cycle of an application, an organization can find themselves with a wide open door for hackers to exploit their most sensitive and valuable data, leaving a costly, tangled mess to rival the fireball that Lamborghini would be destined for.”

The most effective application security measures are about prioritizing threats, from both a cause and an effect standpoint. Full in-depth testing of every single application is normally not an option. It may be for a small organization with a very limited number of apps, but for a larger organization with thousands on the books and new ones being implemented all the time, the man-hours and costs associated with that kind of testing would be prohibitive, to say the least. But all apps are not created equal. Some pose an insignificant threat: they don’t relate to critical company information or client data, or don’t provide a gateway to an intruder. These would be a very low priority, whereas others may be a medium or high risk and should be looked at accordingly. That still leaves a lot of room for interpretation, and it still requires specialized tools, methods and expertise to approach the problem with any real hope of success.

Assess, test, address.

A professional vulnerability assessment to determine exactly what risks are posed by each application is essential, coupled with comprehensive penetration testing of every application that is determined to be susceptible to outside attack.

Experts like Global Digital Forensics that specialize in testing, identifying, prioritizing, and remediating threats posed by vulnerable applications are key. Or as Caruso put it, “There are not many places out there that have the resources, professional affiliations, personnel, tools and knowledge base that we have at our disposal. We live and breathe this stuff, always staying on top of the newest trends and threats. So when we’re done with our application security testing, our clients can breathe a lot easier by knowing exactly where they stand, what they need to watch out for, and what it’s going to take to elevate and maintain the security of all those applications they are relying on to not only survive, but thrive in today’s competitive digital world. Our initial consultations are free, so there is nothing to lose to find out just how painless and reasonable we can make the entire process, so give us a call and see for yourself, because the alternative can be truly frightening, and costly.”
