Applications play an important role in our lives: they facilitate communication and help us in many ways at work, in our day-to-day lives, in how we communicate and in how we access information. Despite this, applications can also pose a security threat. Poorly coded applications with inadequate security can be attacked and, in the worst case, lead to data breaches. Web applications are lucrative targets for hackers, who are constantly looking for new ways to access, steal and delete business and personal data.
During Q3 2017, attacks on web applications increased by 63%. In Q4 2017, 268 million attacks were performed against web applications in the United States, and over 19 million attacks in the United Kingdom.
Most common threats to web applications
OWASP (the Open Web Application Security Project) lists the 10 most common threats to applications each year. The report also specifies some of the actions companies can take to counteract each type of attack. You can find the report here.
What can you do to protect your company?
Attacks on web applications succeed mainly because of an insufficient level of security and a lack of security focus when developing applications. Thus, the biggest challenge usually does not lie in the technical specifics but in management’s mindset when it comes to prioritising security in business and product development. Nevertheless, there are ways to improve the security of applications, some of which we will guide you through now.
Foster Security by Design – Implement a security mindset in the corporate culture and ensure that it is reflected throughout the entire application life cycle, from early development to launch and post-launch.
Use a Web Application Firewall – A WAF can prevent the most common attack types, such as SQL injection and cross-site scripting. We have previously written about what a Web Application Firewall is and how it works.
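To make the SQL injection point above concrete, here is a small added example written for this article (it is not code from the original post or from any WAF product). It places a deliberately vulnerable lookup next to its parameterised fix and adds a handful of hypothetical WAF-style signature rules of the kind that inspect request parameters. The table, rule names and inputs are all constructed. Run on a classic tautology-shaped input, the concatenated query returns every row, the parameterised query returns none, and the signature rule flags the input; the benign value "jean--luc" shows that signatures also produce false positives, while the parameterised query handles it and an apostrophe correctly. The lesson is the one the article makes: a WAF is a worthwhile layer, but the defect itself is removed in the code.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory sample table (not data from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com"), ("jean--luc", "jl@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable lookup: user input is spliced into the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Fixed lookup: the driver binds the value, so it can never alter the query structure."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Hypothetical signature rules of the kind a WAF applies to request parameters.
# Far smaller than any real rule set; included only to show the mechanism.
SQLI_RULES = [
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sql-comment", re.compile(r"(--|#|/\*)")),
    ("stacked-statement", re.compile(r";\s*(drop|delete|update|insert)\b", re.I)),
]


def waf_inspect(value):
    """Return the name of the first rule the value trips, or None if it passes."""
    for name, pattern in SQLI_RULES:
        if pattern.search(value):
            return name
    return None


def vulnerable_query_succeeds(conn, username):
    """True if the concatenated query runs at all; a lone apostrophe already breaks it."""
    try:
        lookup_vulnerable(conn, username)
        return True
    except sqlite3.Error:
        return False


def run_demo():
    """Run the constructed inputs through all three paths and return the outcomes."""
    conn = make_db()
    probe = "' OR '1'='1"  # constructed input in the classic tautology shape
    results = {
        "vulnerable_rows_for_probe": len(lookup_vulnerable(conn, probe)),       # 4: WHERE became always-true
        "parameterized_rows_for_probe": len(lookup_parameterized(conn, probe)), # 0: treated as a literal
        "waf_rule_for_probe": waf_inspect(probe),                               # "tautology"
        "waf_rule_for_obrien": waf_inspect("o'brien"),                          # None
        "waf_rule_for_jeanluc": waf_inspect("jean--luc"),                       # "sql-comment": false positive
        "vulnerable_ok_for_obrien": vulnerable_query_succeeds(conn, "o'brien"), # False: syntax error
        "parameterized_rows_for_obrien": len(lookup_parameterized(conn, "o'brien")),     # 1
        "parameterized_rows_for_jeanluc": len(lookup_parameterized(conn, "jean--luc")),  # 1
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The signature list is intentionally naive: real WAF rule sets are much larger and still trade false positives against false negatives, which is why the parameterised query, not the filter, is what actually closes the hole.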
Test security, and do it regularly – To ensure a high level of security, applications need to be tested regularly. Unfortunately, this is often overlooked. Performing penetration tests on your applications is a fundamental and effective way to evaluate their security, letting you identify vulnerabilities and security gaps before hackers do.
Integrate with other security measures – When it comes to information security, one should think in layers. Protecting web applications is one aspect, but there are other layers of security. We recommend that you have protection against DDoS attacks in place, protect your Domain Name System (DNS) and encrypt important data using, for example, an HSM. OWASP has drafted an application security architecture cheat sheet, which you can find here.