Jason Kent, Vice President, Web Application Security Product Management at Qualys, participates in Risk Roundup with Jayshree Pandya to discuss “Web Application Security”.

Introduction

The World Wide Web (WWW) has brought a quiet revolution that is impacting individuals and entities across nations: their government, industries, organizations and academia (NGIOA) in cyberspace, geospace and space (CGS). When any revolution comes with the potential for fundamental transformation, managing its security risks, both tactical and strategic, becomes a critical necessity.

With the transformative potential the World Wide Web brings to the way individuals and entities across NGIOA communicate, it is becoming increasingly clear that it has brought them not only much-needed connectivity across CGS, but also an explosion in information-sharing capabilities through social networking between individuals and entities across NGIOA.

As individuals and entities across NGIOA take a step forward in how they communicate, interact, socialize, manage, govern, conduct business and deliver digital products and services, there is a need for caution. This is largely because the World Wide Web, web infrastructure, websites and web applications have been, or are becoming, more vulnerable to security challenges. As a result, evaluating the security risks of web applications is now a growing necessity across NGIOA. Along with the security of the web applications themselves, there is also a need for more focus on the security of the underlying computer network, operating systems, host servers and databases.

Web application security vulnerabilities could compromise not only the financial situation and viability of current initiatives, but also the security, survival and sustainability of any individual or entity across NGIOA.
With millions of cyber-attacks happening annually, cyber-crime is already a real threat to anyone using computers, smartphones, tablets, Internet of Things devices and other gadgets and machines on the web.

Growing Cyber Attacks

It is reported that thousands of cyber-attacks occur every day. Whether individuals or entities across NGIOA, everyone is targeted and impacted by ongoing cyber-attacks and cyber-crimes. Somebody’s identity is stolen, or someone’s confidential data is stolen, every few seconds. Someone falls prey either to financial loss or to character assassination as a result of cyber-crimes. So the question is: when so many cyber-crimes are occurring every single day across nations, does web application security play a role?

Security Threats

Security threats are multiplying across nations and targeting all of their components: government, industries, organizations, academia and individuals. Whether the targets are individuals or entities across NGIOA, serious damage is inflicted by cyberspace criminals who exploit application vulnerabilities against user systems that are not proactive, prepared and protected. Across NGIOA, the number of web application security incidents is growing faster than security professionals globally can comprehend. The consequences are critical at all levels, not only for the individual or entity using the application but for everyone that has interconnected dependencies with that user, application or entity. Amidst that, it is important to evaluate whether the preferred method for cyber-criminals attacking NGIOA assets in cyberspace or geospace is through their web applications.

A Never Ending Battle

Individuals and entities across NGIOA are being targeted and attacked by hackers or cyber-criminals who constantly refine their methods. Who is targeted and who is targeting, from which nation, industry, affiliation or size, is not relevant anymore.