Protecting Web Applications without Disrupting the Business

  • John Alexander Rehmann
  • October 16, 2018


    Major cyber-attacks continue to make headlines in the media, and the companies affected have very little time to react before the media, consumers, regulators, law enforcement and financial analysts get involved. The consequences of these attacks can be devastating and range from reputational damage to lost revenue and recovery costs. According to a study from 2018 by the Ponemon Institute, these attacks cost organizations on average $3.86 million per incident. It is no surprise that organizations can feel caught in a crossfire.

    Attacking web applications

    Web applications have become an increasingly targeted component of companies' IT estates. There has been a high number of recent incidents where personal data was stolen or websites were taken down through cyber-attacks. Cyber-security incidents on web applications can be grouped into two main categories: Distributed Denial of Service (DDoS) attacks that aim to take websites offline and data breaches that are designed to exfiltrate sensitive data. Both DDoS attacks and data breaches offer criminals a potentially easy, low-cost and high-reward target.

    How to secure web applications

    Organizations should refer to the Open Web Application Security Project (OWASP), an open community that aims to enable organizations to develop, purchase and maintain APIs and applications that can be trusted. The yearly published OWASP Top 10 list shows the 10 most critical web application security risks.

    Furthermore, understanding the risk exposure of an application is the most important factor when it comes to web application security. This can be achieved at a holistic level by asking 3 key questions of each stakeholder within the company:

    • What's important? Look at the web application from an enterprise-wide risk perspective.
    • What's dangerous? Identify the threats that may apply to this application based on its exposure.
    • What's real? Define which of the dangerous threats are realistic to expect.

    By answering these questions, organizations can develop a realistic risk profile so that development and security teams can work in alignment to minimize the risk of applications being exposed.

    Web application security

    A protection solution should heavily rely on automation in order to quickly adapt to changes in the environment and block attacks proactively. The approach should be highly sophisticated and utilize the latest technologies such as machine learning algorithms that can generate intelligence from both the external connection and back end application. These are the key requirements a solution should provide in order to deliver sufficient protection for a company's web applications.

    Download full whitepaper here.
