Web app security imperiled

Web app security imperiled

In the complex and interconnected modern IT climate, companies have many ways to contact their customers directly. Unfortunately, many of these useful portals can also allow attackers in. According to a recent report by Forrester, more than half of companies have had trouble keeping dangerous outsiders from attacking their web applications.

Web apps in peril
The internet has become the hub of business and communication, meaning users need easy ways to transmit information. Web apps can fill this niche, allowing firms to deliver a tailored online experience. All of the advantages of a web application vanish, however, if it becomes a liability, meaning firms need to take IT security efforts seriously.

While penetration testing and other security assessments have become vital to the app design process, Forrester found that many executives ignore them. The report concluded that 42 percent of companies engage in secure coding, with the rest missing key components of the process.

The monetary damage from a data loss can be significant. According to respondents, 51 percent of firms suffered a breach through a web application over the past 18 months. Some of those attacks led to monetary trouble, with two of the companies involved losing over $10 million.

"It's clear that security practitioners and developers aren't speaking the same language when it comes to application security, and this is leading to very costly consequences for companies," said Jennifer Johnson of Coverity, the survey's sponsor.

Separate confirmation
Another study, funded by Alert Logic, also found serious risks in web applications, but noted that the cloud is not more vulnerable than on-premise architecture. In every category of attack, companies experienced less trouble with cloud systems than on-premise hardware. The survey found approximately half of companies suffered breaches, putting its numbers in line with Forrester's. Many of the cybercriminals worked with free and easy-to-acquire tools.